This is an automated email from the ASF dual-hosted git repository. peterlee pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/commons-compress.git
The following commit(s) were added to refs/heads/master by this push: new 555daa4 COMPRESS-553 : fix for pax header of tar 555daa4 is described below commit 555daa4e9bfca0df3449f5484d5b87a5194a5abd Author: PeterAlfredLee <peteralfred...@gmail.com> AuthorDate: Wed Oct 7 10:51:00 2020 +0800 COMPRESS-553 : fix for pax header of tar The length validation in TarArchiveInputStream.parsePaxHeaders should also consider the headers with length smaller than 1 and ignore these headers. --- src/changes/changes.xml | 6 ++++++ .../compress/archivers/tar/TarArchiveInputStream.java | 2 +- .../archivers/tar/TarArchiveInputStreamTest.java | 15 ++++++++++++--- src/test/resources/COMPRESS-553.tar | Bin 0 -> 7168 bytes 4 files changed, 19 insertions(+), 4 deletions(-) diff --git a/src/changes/changes.xml b/src/changes/changes.xml index 13c8b5d..f371886 100644 --- a/src/changes/changes.xml +++ b/src/changes/changes.xml @@ -242,6 +242,12 @@ The <action> type attribute can be add,update,fix,remove. Descriptor and STORED, and without the Data Descriptor signature. </action> + <action issue="COMPRESS-553" type="fix" date="2020-10-07" + due-to="Maksim Zuev" dev="PeterLee"> + The length validation in TarArchiveInputStream.parsePaxHeaders + should also consider the headers with length smaller than 1 + and ignore these headers. + </action> </release> <release version="1.20" date="2020-02-08" description="Release 1.20 (Java 7)"> diff --git a/src/main/java/org/apache/commons/compress/archivers/tar/TarArchiveInputStream.java b/src/main/java/org/apache/commons/compress/archivers/tar/TarArchiveInputStream.java index 62766f2..cecef21 100644 --- a/src/main/java/org/apache/commons/compress/archivers/tar/TarArchiveInputStream.java +++ b/src/main/java/org/apache/commons/compress/archivers/tar/TarArchiveInputStream.java @@ -754,7 +754,7 @@ public class TarArchiveInputStream extends ArchiveInputStream { final String keyword = coll.toString(CharsetNames.UTF_8); // Get rest of entry final int restLen = len - read; - if (restLen == 1) { // only NL + if (restLen <= 1) { // only NL headers.remove(keyword); } else { final byte[] rest = new byte[restLen]; diff --git a/src/test/java/org/apache/commons/compress/archivers/tar/TarArchiveInputStreamTest.java b/src/test/java/org/apache/commons/compress/archivers/tar/TarArchiveInputStreamTest.java index 69841d9..31e6f1b 100644 --- a/src/test/java/org/apache/commons/compress/archivers/tar/TarArchiveInputStreamTest.java +++ b/src/test/java/org/apache/commons/compress/archivers/tar/TarArchiveInputStreamTest.java @@ -444,7 +444,7 @@ public class TarArchiveInputStreamTest extends AbstractTestCase { @Test(expected = IOException.class) public void testParseTarTruncatedInPadding() throws IOException { - try (FileInputStream in = new FileInputStream(getFile("./COMPRESS-544_truncated_in_padding.tar")); + try (FileInputStream in = new FileInputStream(getFile("COMPRESS-544_truncated_in_padding.tar")); TarArchiveInputStream archive = new TarArchiveInputStream(in)) { while (archive.getNextTarEntry() != null) { } @@ -453,7 +453,7 @@ public class TarArchiveInputStreamTest extends AbstractTestCase { @Test(expected = IOException.class) public void testParseTarTruncatedInContent() throws IOException { - try (FileInputStream in = new FileInputStream(getFile("./COMPRESS-544_truncated_in_content.tar")); + try (FileInputStream in = new FileInputStream(getFile("COMPRESS-544_truncated_in_content.tar")); TarArchiveInputStream archive = new TarArchiveInputStream(in)) { while (archive.getNextTarEntry() != null) { } @@ -462,7 +462,16 @@ public class TarArchiveInputStreamTest extends AbstractTestCase { @Test(expected = IOException.class) public void testThrowExceptionWithNullEntry() throws IOException { - try (FileInputStream in = new FileInputStream(getFile("./COMPRESS-554.tar")); + try (FileInputStream in = new FileInputStream(getFile("COMPRESS-554.tar")); + TarArchiveInputStream archive = new TarArchiveInputStream(in)) { + while (archive.getNextTarEntry() != null) { + } + } + } + + @Test(expected = IOException.class) + public void testThrowException() throws IOException { + try (FileInputStream in = new FileInputStream(getFile("COMPRESS-553.tar")); TarArchiveInputStream archive = new TarArchiveInputStream(in)) { while (archive.getNextTarEntry() != null) { } diff --git a/src/test/resources/COMPRESS-553.tar b/src/test/resources/COMPRESS-553.tar new file mode 100644 index 0000000..0183279 Binary files /dev/null and b/src/test/resources/COMPRESS-553.tar differ