[issue39017] Infinite loop in the tarfile module

2020-07-19 Thread Michał Górny
Michał Górny added the comment: Given that a CVE was assigned for this, I think it'd be better if the news were in the 'Security' category and not 'Library'. -- nosy: +mgorny ___ Python tracker

[issue39017] Infinite loop in the tarfile module

2020-07-16 Thread Larry Hastings
Change by Larry Hastings : -- resolution: -> fixed stage: patch review -> resolved status: open -> closed ___ Python tracker ___

[issue39017] Infinite loop in the tarfile module

2020-07-16 Thread Larry Hastings
Larry Hastings added the comment: New changeset cac9ca8ed99bd98f4c0dcd1913a146192bf5ee84 by Petr Viktorin in branch '3.5': [3.5] bpo-39017: Avoid infinite loop in the tarfile module (GH-21454) (#21489) https://github.com/python/cpython/commit/cac9ca8ed99bd98f4c0dcd1913a146192bf5ee84

[issue39017] Infinite loop in the tarfile module

2020-07-15 Thread Petr Viktorin
Change by Petr Viktorin : -- pull_requests: +20632 pull_request: https://github.com/python/cpython/pull/21489 ___ Python tracker ___

[issue39017] Infinite loop in the tarfile module

2020-07-15 Thread Ned Deily
Ned Deily added the comment: Thanks, the PRs for 3.7 and 3.6 are now merged. -- versions: +Python 3.10, Python 3.5, Python 3.6, Python 3.8, Python 3.9 ___ Python tracker ___

[issue39017] Infinite loop in the tarfile module

2020-07-15 Thread Ned Deily
Ned Deily added the comment: New changeset 47a2955589bdb1a114d271496ff803ad73f954b8 by Miss Islington (bot) in branch '3.6': bpo-39017: Avoid infinite loop in the tarfile module (GH-21454) (#21485) https://github.com/python/cpython/commit/47a2955589bdb1a114d271496ff803ad73f954b8 --

[issue39017] Infinite loop in the tarfile module

2020-07-15 Thread Ned Deily
Ned Deily added the comment: New changeset 79c6b602efc9a906c8496f3d5f4d54c54b48fa06 by Miss Islington (bot) in branch '3.7': bpo-39017: Avoid infinite loop in the tarfile module (GH-21454) (GH-21484) https://github.com/python/cpython/commit/79c6b602efc9a906c8496f3d5f4d54c54b48fa06

[issue39017] Infinite loop in the tarfile module

2020-07-15 Thread Larry Hastings
Larry Hastings added the comment: Yes, please. It's a simple low-risk fix. And 3.5.10rc1 is stuck waiting for a fix anyway. Thanks! -- ___ Python tracker ___

[issue39017] Infinite loop in the tarfile module

2020-07-15 Thread miss-islington
miss-islington added the comment: New changeset c55479556db015f48fc8bbca17f64d3e65598559 by Miss Islington (bot) in branch '3.8': [3.8] bpo-39017: Avoid infinite loop in the tarfile module (GH-21454) (GH-21483) https://github.com/python/cpython/commit/c55479556db015f48fc8bbca17f64d3e65598559

[issue39017] Infinite loop in the tarfile module

2020-07-15 Thread miss-islington
miss-islington added the comment: New changeset f3232294ee695492f43d424cc6969d018d49861d by Miss Islington (bot) in branch '3.9': [3.9] bpo-39017: Avoid infinite loop in the tarfile module (GH-21454) (GH-21482) https://github.com/python/cpython/commit/f3232294ee695492f43d424cc6969d018d49861d

[issue39017] Infinite loop in the tarfile module

2020-07-15 Thread Petr Viktorin
Petr Viktorin added the comment: Larry and Ned, do you want this fix in the security-only releases you manage? PRs for 3.6 ad 3.7 are ready, should you wish to merge them. -- nosy: +larry, ned.deily -miss-islington ___ Python tracker

[issue39017] Infinite loop in the tarfile module

2020-07-15 Thread miss-islington
Change by miss-islington : -- pull_requests: +20629 pull_request: https://github.com/python/cpython/pull/21485 ___ Python tracker ___

[issue39017] Infinite loop in the tarfile module

2020-07-15 Thread miss-islington
Change by miss-islington : -- nosy: +miss-islington nosy_count: 7.0 -> 8.0 pull_requests: +20626 pull_request: https://github.com/python/cpython/pull/21482 ___ Python tracker

[issue39017] Infinite loop in the tarfile module

2020-07-15 Thread miss-islington
Change by miss-islington : -- pull_requests: +20628 pull_request: https://github.com/python/cpython/pull/21484 ___ Python tracker ___

[issue39017] Infinite loop in the tarfile module

2020-07-15 Thread miss-islington
Change by miss-islington : -- pull_requests: +20627 pull_request: https://github.com/python/cpython/pull/21483 ___ Python tracker ___

[issue39017] Infinite loop in the tarfile module

2020-07-15 Thread Petr Viktorin
Petr Viktorin added the comment: New changeset 5a8d121a1f3ef5ad7c105ee378cc79a3eac0c7d4 by Rishi in branch 'master': bpo-39017: Avoid infinite loop in the tarfile module (GH-21454) https://github.com/python/cpython/commit/5a8d121a1f3ef5ad7c105ee378cc79a3eac0c7d4 -- nosy:

[issue39017] Infinite loop in the tarfile module

2020-07-14 Thread jvoisin
jvoisin added the comment: CVE-2019-20907 has been assigned to this issue. -- ___ Python tracker ___ ___ Python-bugs-list mailing

[issue39017] Infinite loop in the tarfile module

2020-07-12 Thread Rishi
Rishi added the comment: Thank you. I have signed the CLA agreement. I have pushed my code changes and also written a testcase for this issue -- ___ Python tracker ___

[issue39017] Infinite loop in the tarfile module

2020-07-12 Thread Rishi
Change by Rishi : -- keywords: +patch pull_requests: +20602 stage: test needed -> patch review pull_request: https://github.com/python/cpython/pull/21454 ___ Python tracker

[issue39017] Infinite loop in the tarfile module

2020-07-10 Thread Ethan Furman
Ethan Furman added the comment: Absolutely! But first, you'll need to sign the Contributor License Agreement: https://www.python.org/psf/contrib/contrib-form/ Thank you for your help! -- ___ Python tracker

[issue39017] Infinite loop in the tarfile module

2020-07-10 Thread Rishi
Rishi added the comment: Hi ! I would like to start contributing to CPython. Can I start working on this issue ? -- ___ Python tracker ___

[issue39017] Infinite loop in the tarfile module

2020-07-10 Thread Rishi
Change by Rishi : -- nosy: +rishi93 ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue39017] Infinite loop in the tarfile module

2020-07-08 Thread Ben Caller
Ben Caller added the comment: A smaller bug: If instead of 0 you use a large number (> 2^63) e.g. 999 you get `OverflowError: Python int too large to convert to C ssize_t` rather than the expected `tarfile.ReadError` regardless of errorlevel. --

[issue39017] Infinite loop in the tarfile module

2020-07-08 Thread Ben Caller
Ben Caller added the comment: I've attached a minimal tar file which reproduces this. I think the minimum length is 516 bytes. We need a 512 byte PAX format header block as normal. Then we need a pax header which matches the regex in

[issue39017] Infinite loop in the tarfile module

2019-12-10 Thread Ethan Furman
Change by Ethan Furman : -- stage: -> test needed ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue39017] Infinite loop in the tarfile module

2019-12-10 Thread Serhiy Storchaka
Change by Serhiy Storchaka : -- nosy: +lars.gustaebel, serhiy.storchaka ___ Python tracker ___ ___ Python-bugs-list mailing list

[issue39017] Infinite loop in the tarfile module

2019-12-10 Thread jvoisin
New submission from jvoisin : While playing with fuzzing and Python, I stumbled upon an infinite loop in Python's tarfile module: just open the attached file with `tarfile.open('timeout-a52710a313fdb35fb428c3399277cb640fe2f686')`, and Python will be endlessly stuck in the `_proc_pax`