This is an automated email from the ASF dual-hosted git repository. peterlee pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/commons-compress.git
The following commit(s) were added to refs/heads/master by this push: new d5d9862 COMPRESS-530 : skip non-number when parsing pax header d5d9862 is described below commit d5d9862870e1c7e7110418d97665fdda717babad Author: PeterAlfredLee <peteralfred...@gmail.com> AuthorDate: Tue May 26 20:28:37 2020 +0800 COMPRESS-530 : skip non-number when parsing pax header --- .../compress/archivers/tar/TarArchiveInputStream.java | 6 ++++++ .../compress/archivers/tar/TarArchiveInputStreamTest.java | 9 +++++++++ src/test/resources/COMPRESS-530.tar | Bin 0 -> 525 bytes 3 files changed, 15 insertions(+) diff --git a/src/main/java/org/apache/commons/compress/archivers/tar/TarArchiveInputStream.java b/src/main/java/org/apache/commons/compress/archivers/tar/TarArchiveInputStream.java index 716718d..45f6b89 100644 --- a/src/main/java/org/apache/commons/compress/archivers/tar/TarArchiveInputStream.java +++ b/src/main/java/org/apache/commons/compress/archivers/tar/TarArchiveInputStream.java @@ -745,6 +745,12 @@ public class TarArchiveInputStream extends ArchiveInputStream { } break; // Processed single header } + + // COMPRESS-530 : skip non-number chars + if (ch < '0' || ch > '9') { + continue; + } + len *= 10; len += ch - '0'; } diff --git a/src/test/java/org/apache/commons/compress/archivers/tar/TarArchiveInputStreamTest.java b/src/test/java/org/apache/commons/compress/archivers/tar/TarArchiveInputStreamTest.java index b1cee11..095ec2c 100644 --- a/src/test/java/org/apache/commons/compress/archivers/tar/TarArchiveInputStreamTest.java +++ b/src/test/java/org/apache/commons/compress/archivers/tar/TarArchiveInputStreamTest.java @@ -424,6 +424,15 @@ public class TarArchiveInputStreamTest extends AbstractTestCase { } } + @Test(expected = IOException.class) + public void testParseTarWithSpecialPaxHeaders() throws IOException { + try (FileInputStream in = new FileInputStream(getFile("COMPRESS-530.tar")); + TarArchiveInputStream archive = new TarArchiveInputStream(in)) { + archive.getNextEntry(); + IOUtils.toByteArray(archive); + } + } + private TarArchiveInputStream getTestStream(final String name) { return new TarArchiveInputStream( TarArchiveInputStreamTest.class.getResourceAsStream(name)); diff --git a/src/test/resources/COMPRESS-530.tar b/src/test/resources/COMPRESS-530.tar new file mode 100644 index 0000000..63f6780 Binary files /dev/null and b/src/test/resources/COMPRESS-530.tar differ