archive/tar: fix slice bounds out of range

Sanity check the pax-header size field before using it. Fixes #11167. Change-Id: I9d5d0210c3990e6fb9434c3fe333be0d507d5962 Reviewed-on: https://go-review.googlesource.com/10954 Reviewed-by: David Symonds <dsymonds@golang.org>
author: Michael Gehring <mg@ebfe.org> 2015-06-12 22:49:42 +0200
committer: David Symonds <dsymonds@golang.org> 2015-06-12 21:35:47 +0000
commit: 5acba80aa2f1444066a9c28440229baa0f2e008d (patch)
tree: 6e886f471dfee8c93c2200a9871e21291d415800 /src/archive/tar/reader_test.go
parent: b9bd57e7152f93d788f62a8cc09d0e0f89b60066 (diff)
download: go-5acba80aa2f1444066a9c28440229baa0f2e008d.tar.xz
1 files changed, 8 insertions, 3 deletions
diff --git a/src/archive/tar/reader_test.go b/src/archive/tar/reader_test.go
index 6ffb383a22..311db77641 100644
--- a/src/archive/tar/reader_test.go
+++ b/src/archive/tar/reader_test.go
@@ -462,9 +462,14 @@ func TestParsePAXHeader(t *testing.T) {
 			t.Error("Buffer wasn't consumed")
 		}
 	}
-	badHeader := bytes.NewReader([]byte("3 somelongkey="))
-	if _, err := parsePAX(badHeader); err != ErrHeader {
-		t.Fatal("Unexpected success when parsing bad header")
+	badHeaderTests := [][]byte{
+		[]byte("3 somelongkey=\n"),
+		[]byte("50 tooshort=\n"),
+	}
+	for _, test := range badHeaderTests {
+		if _, err := parsePAX(bytes.NewReader(test)); err != ErrHeader {
+			t.Fatal("Unexpected success when parsing bad header")
+		}
 	}
 }
author	Michael Gehring <mg@ebfe.org>	2015-06-12 22:49:42 +0200
committer	David Symonds <dsymonds@golang.org>	2015-06-12 21:35:47 +0000
commit	5acba80aa2f1444066a9c28440229baa0f2e008d (patch)
tree	6e886f471dfee8c93c2200a9871e21291d415800 /src/archive/tar/reader_test.go
parent	b9bd57e7152f93d788f62a8cc09d0e0f89b60066 (diff)
download	go-5acba80aa2f1444066a9c28440229baa0f2e008d.tar.xz