This is an automated email from the ASF dual-hosted git repository.

peterlee pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-compress.git


The following commit(s) were added to refs/heads/master by this push:
     new d5d9862  COMPRESS-530 : skip non-number when parsing pax header
d5d9862 is described below

commit d5d9862870e1c7e7110418d97665fdda717babad
Author: PeterAlfredLee <peteralfred...@gmail.com>
AuthorDate: Tue May 26 20:28:37 2020 +0800

    COMPRESS-530 : skip non-number when parsing pax header
---
 .../compress/archivers/tar/TarArchiveInputStream.java     |   6 ++++++
 .../compress/archivers/tar/TarArchiveInputStreamTest.java |   9 +++++++++
 src/test/resources/COMPRESS-530.tar                       | Bin 0 -> 525 bytes
 3 files changed, 15 insertions(+)

diff --git 
a/src/main/java/org/apache/commons/compress/archivers/tar/TarArchiveInputStream.java
 
b/src/main/java/org/apache/commons/compress/archivers/tar/TarArchiveInputStream.java
index 716718d..45f6b89 100644
--- 
a/src/main/java/org/apache/commons/compress/archivers/tar/TarArchiveInputStream.java
+++ 
b/src/main/java/org/apache/commons/compress/archivers/tar/TarArchiveInputStream.java
@@ -745,6 +745,12 @@ public class TarArchiveInputStream extends 
ArchiveInputStream {
                     }
                     break; // Processed single header
                 }
+
+                // COMPRESS-530 : skip non-number chars
+                if (ch < '0' || ch > '9') {
+                    continue;
+                }
+
                 len *= 10;
                 len += ch - '0';
             }
diff --git 
a/src/test/java/org/apache/commons/compress/archivers/tar/TarArchiveInputStreamTest.java
 
b/src/test/java/org/apache/commons/compress/archivers/tar/TarArchiveInputStreamTest.java
index b1cee11..095ec2c 100644
--- 
a/src/test/java/org/apache/commons/compress/archivers/tar/TarArchiveInputStreamTest.java
+++ 
b/src/test/java/org/apache/commons/compress/archivers/tar/TarArchiveInputStreamTest.java
@@ -424,6 +424,15 @@ public class TarArchiveInputStreamTest extends 
AbstractTestCase {
         }
     }
 
+    @Test(expected = IOException.class)
+    public void testParseTarWithSpecialPaxHeaders() throws IOException {
+        try (FileInputStream in = new 
FileInputStream(getFile("COMPRESS-530.tar"));
+             TarArchiveInputStream archive = new TarArchiveInputStream(in)) {
+            archive.getNextEntry();
+            IOUtils.toByteArray(archive);
+        }
+    }
+
     private TarArchiveInputStream getTestStream(final String name) {
         return new TarArchiveInputStream(
                 TarArchiveInputStreamTest.class.getResourceAsStream(name));
diff --git a/src/test/resources/COMPRESS-530.tar 
b/src/test/resources/COMPRESS-530.tar
new file mode 100644
index 0000000..63f6780
Binary files /dev/null and b/src/test/resources/COMPRESS-530.tar differ

Reply via email to