[commons-compress] branch master updated: COMPRESS-553 : fix for pax header of tar

Tue, 06 Oct 2020 19:53:12 -0700 

This is an automated email from the ASF dual-hosted git repository.

peterlee pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-compress.git


The following commit(s) were added to refs/heads/master by this push:
     new 555daa4  COMPRESS-553 : fix for pax header of tar
555daa4 is described below

commit 555daa4e9bfca0df3449f5484d5b87a5194a5abd
Author: PeterAlfredLee <peteralfred...@gmail.com>
AuthorDate: Wed Oct 7 10:51:00 2020 +0800

    COMPRESS-553 : fix for pax header of tar
    
    The length validation in TarArchiveInputStream.parsePaxHeaders should also 
consider the headers with length smaller than 1 and ignore these headers.
---
 src/changes/changes.xml                                  |   6 ++++++
 .../compress/archivers/tar/TarArchiveInputStream.java    |   2 +-
 .../archivers/tar/TarArchiveInputStreamTest.java         |  15 ++++++++++++---
 src/test/resources/COMPRESS-553.tar                      | Bin 0 -> 7168 bytes
 4 files changed, 19 insertions(+), 4 deletions(-)

diff --git a/src/changes/changes.xml b/src/changes/changes.xml
index 13c8b5d..f371886 100644
--- a/src/changes/changes.xml
+++ b/src/changes/changes.xml
@@ -242,6 +242,12 @@ The <action> type attribute can be add,update,fix,remove.
         Descriptor and STORED, and without the Data Descriptor
         signature.
       </action>
+      <action issue="COMPRESS-553" type="fix" date="2020-10-07"
+              due-to="Maksim Zuev" dev="PeterLee">
+        The length validation in TarArchiveInputStream.parsePaxHeaders
+        should also consider the headers with length smaller than 1
+        and ignore these headers.
+      </action>
     </release>
     <release version="1.20" date="2020-02-08"
              description="Release 1.20 (Java 7)">
diff --git 
a/src/main/java/org/apache/commons/compress/archivers/tar/TarArchiveInputStream.java
 
b/src/main/java/org/apache/commons/compress/archivers/tar/TarArchiveInputStream.java
index 62766f2..cecef21 100644
--- 
a/src/main/java/org/apache/commons/compress/archivers/tar/TarArchiveInputStream.java
+++ 
b/src/main/java/org/apache/commons/compress/archivers/tar/TarArchiveInputStream.java
@@ -754,7 +754,7 @@ public class TarArchiveInputStream extends 
ArchiveInputStream {
                             final String keyword = 
coll.toString(CharsetNames.UTF_8);
                             // Get rest of entry
                             final int restLen = len - read;
-                            if (restLen == 1) { // only NL
+                            if (restLen <= 1) { // only NL
                                 headers.remove(keyword);
                             } else {
                                 final byte[] rest = new byte[restLen];
diff --git 
a/src/test/java/org/apache/commons/compress/archivers/tar/TarArchiveInputStreamTest.java
 
b/src/test/java/org/apache/commons/compress/archivers/tar/TarArchiveInputStreamTest.java
index 69841d9..31e6f1b 100644
--- 
a/src/test/java/org/apache/commons/compress/archivers/tar/TarArchiveInputStreamTest.java
+++ 
b/src/test/java/org/apache/commons/compress/archivers/tar/TarArchiveInputStreamTest.java
@@ -444,7 +444,7 @@ public class TarArchiveInputStreamTest extends 
AbstractTestCase {
 
     @Test(expected = IOException.class)
     public void testParseTarTruncatedInPadding() throws IOException {
-        try (FileInputStream in = new 
FileInputStream(getFile("./COMPRESS-544_truncated_in_padding.tar"));
+        try (FileInputStream in = new 
FileInputStream(getFile("COMPRESS-544_truncated_in_padding.tar"));
              TarArchiveInputStream archive = new TarArchiveInputStream(in)) {
             while (archive.getNextTarEntry() != null) {
             }
@@ -453,7 +453,7 @@ public class TarArchiveInputStreamTest extends 
AbstractTestCase {
 
     @Test(expected = IOException.class)
     public void testParseTarTruncatedInContent() throws IOException {
-        try (FileInputStream in = new 
FileInputStream(getFile("./COMPRESS-544_truncated_in_content.tar"));
+        try (FileInputStream in = new 
FileInputStream(getFile("COMPRESS-544_truncated_in_content.tar"));
              TarArchiveInputStream archive = new TarArchiveInputStream(in)) {
             while (archive.getNextTarEntry() != null) {
             }
@@ -462,7 +462,16 @@ public class TarArchiveInputStreamTest extends 
AbstractTestCase {
 
     @Test(expected = IOException.class)
     public void testThrowExceptionWithNullEntry() throws IOException {
-        try (FileInputStream in = new 
FileInputStream(getFile("./COMPRESS-554.tar"));
+        try (FileInputStream in = new 
FileInputStream(getFile("COMPRESS-554.tar"));
+             TarArchiveInputStream archive = new TarArchiveInputStream(in)) {
+            while (archive.getNextTarEntry() != null) {
+            }
+        }
+    }
+
+    @Test(expected = IOException.class)
+    public void testThrowException() throws IOException {
+        try (FileInputStream in = new 
FileInputStream(getFile("COMPRESS-553.tar"));
              TarArchiveInputStream archive = new TarArchiveInputStream(in)) {
             while (archive.getNextTarEntry() != null) {
             }
diff --git a/src/test/resources/COMPRESS-553.tar 
b/src/test/resources/COMPRESS-553.tar
new file mode 100644
index 0000000..0183279
Binary files /dev/null and b/src/test/resources/COMPRESS-553.tar differ

Reply via email to