[commons-compress] 04/13: COMPRESS-540: Include fix for COMPRESS-544

Fri, 08 Jan 2021 19:20:50 -0800 

This is an automated email from the ASF dual-hosted git repository.

peterlee pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-compress.git

commit 57e2b28baddbd4c7abb4be590d7d9d7ecaf9e54f
Author: theobisproject <theobisproj...@gmail.com>
AuthorDate: Sun Aug 30 14:07:43 2020 +0200

    COMPRESS-540: Include fix for COMPRESS-544
---
 .../org/apache/commons/compress/archivers/tar/TarFile.java   | 12 ++++++++++++
 .../apache/commons/compress/archivers/tar/TarFileTest.java   | 12 ++++++++++++
 2 files changed, 24 insertions(+)

diff --git 
a/src/main/java/org/apache/commons/compress/archivers/tar/TarFile.java 
b/src/main/java/org/apache/commons/compress/archivers/tar/TarFile.java
index c33ba2e..41e3db8 100644
--- a/src/main/java/org/apache/commons/compress/archivers/tar/TarFile.java
+++ b/src/main/java/org/apache/commons/compress/archivers/tar/TarFile.java
@@ -234,6 +234,7 @@ public class TarFile implements Closeable {
         if (currEntry != null) {
             // Skip to the end of the entry
             archive.position(currEntry.getDataOffset() + currEntry.getSize());
+            throwExceptionIfPositionIsNotInArchive();
 
             skipRecordPadding();
         }
@@ -501,6 +502,17 @@ public class TarFile implements Closeable {
             final long numRecords = (currEntry.getSize() / recordSize) + 1;
             final long padding = (numRecords * recordSize) - 
currEntry.getSize();
             archive.position(archive.position() + padding);
+            throwExceptionIfPositionIsNotInArchive();
+        }
+    }
+
+    /**
+     * Checks if the current position of the SeekableByteChannel is in the 
archive.
+     * @throws IOException If the position is not in the archive
+     */
+    private void throwExceptionIfPositionIsNotInArchive() throws IOException {
+        if (archive.size() < archive.position()) {
+            throw new IOException("Truncated TAR archive");
         }
     }
 
diff --git 
a/src/test/java/org/apache/commons/compress/archivers/tar/TarFileTest.java 
b/src/test/java/org/apache/commons/compress/archivers/tar/TarFileTest.java
index a453d3b..778d959 100644
--- a/src/test/java/org/apache/commons/compress/archivers/tar/TarFileTest.java
+++ b/src/test/java/org/apache/commons/compress/archivers/tar/TarFileTest.java
@@ -84,4 +84,16 @@ public class TarFileTest extends AbstractTestCase {
         }
     }
 
+    @Test(expected = IOException.class)
+    public void testParseTarTruncatedInPadding() throws IOException {
+        try (TarFile tarFile = new 
TarFile(getPath("COMPRESS-544_truncated_in_padding.tar"))) {
+        }
+    }
+
+    @Test(expected = IOException.class)
+    public void testParseTarTruncatedInContent() throws IOException {
+        try (TarFile tarFile = new 
TarFile(getPath("COMPRESS-544_truncated_in_content.tar"))) {
+        }
+    }
+
 }

Reply via email to