[
https://issues.apache.org/jira/browse/COMPRESS-421?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Roel Spilker updated COMPRESS-421:
----------------------------------
Description:
TarUtils.parseName does not stop at the first NUL byte, resulting in non-empty
strings where they should be empty.
This manifests if the tar file contains a star_header struct instead of a
posix_header as defined in
https://www.gnu.org/software/tar/manual/html_node/Standard.html
The javadoc on parseName states "Parse an entry name from a buffer. Parsing
stops when a NUL is found or the buffer length is reached."
However, the implementation starts at the end of the buffer and stops when the
first non-NUL is found.
The solution is to replace:
{code:java}
int len = length;
for (; len > 0; len--) {
if (buffer[offset + len - 1] != 0) {
break;
}
}
{code}
by
{code:java}
int len = 0;
for (int i = offset; len < length && buffer[i] != 0; i++, len++);
{code}
This has been introduce in commit
https://git-wip-us.apache.org/repos/asf?p=commons-compress.git;a=commitdiff;h=69ceb4e14feb6273c06c1e35ba116b6783bb3278
was:
TarUtils.parseName does not stop at the first NUL byte, resulting in non-empty
strings where they should be empty.
This manifests if the tar file contains a star_header struct instead of a
posix_header as defined in
https://www.gnu.org/software/tar/manual/html_node/Standard.html
The javadoc on parseName states "Parse an entry name from a buffer. Parsing
stops when a NUL is found or the buffer length is reached."
However, the implementation starts at the end of the buffer and stops when the
first non-NUL is found.
The solution is to replace:
{code:java}
int len = length;
for (; len > 0; len--) {
if (buffer[offset + len - 1] != 0) {
break;
}
}
{code}
by
{code:java}
int len = 0;
for (int i = offset; buffer[i] != 0 && len < length; i++, len++);
{code}
This has been introduce in commit
https://git-wip-us.apache.org/repos/asf?p=commons-compress.git;a=commitdiff;h=69ceb4e14feb6273c06c1e35ba116b6783bb3278
> TarUtils.parseName does not follow the spec
> -------------------------------------------
>
> Key: COMPRESS-421
> URL: https://issues.apache.org/jira/browse/COMPRESS-421
> Project: Commons Compress
> Issue Type: Bug
> Components: Archivers
> Affects Versions: 1.4, 1.14
> Reporter: Roel Spilker
> Priority: Minor
> Attachments: foo.tar.gz
>
>
> TarUtils.parseName does not stop at the first NUL byte, resulting in
> non-empty strings where they should be empty.
> This manifests if the tar file contains a star_header struct instead of a
> posix_header as defined in
> https://www.gnu.org/software/tar/manual/html_node/Standard.html
> The javadoc on parseName states "Parse an entry name from a buffer. Parsing
> stops when a NUL is found or the buffer length is reached."
> However, the implementation starts at the end of the buffer and stops when
> the first non-NUL is found.
> The solution is to replace:
> {code:java}
> int len = length;
> for (; len > 0; len--) {
> if (buffer[offset + len - 1] != 0) {
> break;
> }
> }
> {code}
> by
> {code:java}
> int len = 0;
> for (int i = offset; len < length && buffer[i] != 0; i++, len++);
> {code}
> This has been introduce in commit
> https://git-wip-us.apache.org/repos/asf?p=commons-compress.git;a=commitdiff;h=69ceb4e14feb6273c06c1e35ba116b6783bb3278
>
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
