| author | Damien Neil <dneil@google.com> | 2022-11-21 11:32:39 -0800 |
|---|---|---|
| committer | Damien Neil <dneil@google.com> | 2022-11-21 21:14:38 +0000 |
| commit | 85a2c19b328081c3fbcd1fa3db9a56d708a25c68 (patch) | |
| tree | 64a79901e3237069743bf38998d2485d2c651803 /src/archive/tar | |
| parent | f60c77026bb47db984c5da7e6f0590010e7e1a6f (diff) | |
| download | go-85a2c19b328081c3fbcd1fa3db9a56d708a25c68.tar.xz | |
archive/tar, archive/zip: disable insecure file name checks with GODEBUG
Add GODEBUG=tarinsecurepath=1 and GODEBUG=zipinsecurepath=1 settings
to disable file name validation.
For #55356.
Change-Id: Iaacdc629189493e7ea3537a81660215a59dd40a4
Reviewed-on: https://go-review.googlesource.com/c/go/+/452495
Reviewed-by: Bryan Mills <bcmills@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Damien Neil <dneil@google.com>
Reviewed-by: Russ Cox <rsc@golang.org>
Reviewed-by: Heschi Kreinick <heschi@google.com>
Diffstat (limited to 'src/archive/tar')
| -rw-r--r-- | src/archive/tar/common.go | 3 | ||||
| -rw-r--r-- | src/archive/tar/reader.go | 2 | ||||
| -rw-r--r-- | src/archive/tar/reader_test.go | 20 |
3 files changed, 24 insertions, 1 deletions
diff --git a/src/archive/tar/common.go b/src/archive/tar/common.go
index be02a24542..0d5a942024 100644
--- a/src/archive/tar/common.go
+++ b/src/archive/tar/common.go
@@ -13,6 +13,7 @@ package tar
 import (
 "errors"
 "fmt"
+ "internal/godebug"
 "io/fs"
 "math"
 "path"
@@ -26,6 +27,8 @@ import (
 // architectures. If a large value is encountered when decoding, the result
 // stored in Header will be the truncated version.
 
+var tarinsecurepath = godebug.New("tarinsecurepath")
+
 var (
 ErrHeader = errors.New("archive/tar: invalid tar header")
 ErrWriteTooLong = errors.New("archive/tar: write too long")
diff --git a/src/archive/tar/reader.go b/src/archive/tar/reader.go
index 3495f083e3..99ba004c9a 100644
--- a/src/archive/tar/reader.go
+++ b/src/archive/tar/reader.go
@@ -60,7 +60,7 @@ func (tr *Reader) Next() (*Header, error) {
 }
 hdr, err := tr.next()
 tr.err = err
- if err == nil && !filepath.IsLocal(hdr.Name) {
+ if err == nil && tarinsecurepath.Value() != "1" && !filepath.IsLocal(hdr.Name) {
 err = ErrInsecurePath
 }
 return hdr, err
diff --git a/src/archive/tar/reader_test.go b/src/archive/tar/reader_test.go
index 91dc1650e2..7e0462c3f8 100644
--- a/src/archive/tar/reader_test.go
+++ b/src/archive/tar/reader_test.go
@@ -1617,6 +1617,7 @@ func TestFileReader(t *testing.T) {
 }
 
 func TestInsecurePaths(t *testing.T) {
+ t.Setenv("GODEBUG", "tarinsecurepath=0")
 for _, path := range []string{
 "../foo",
 "/foo",
@@ -1652,3 +1653,22 @@ func TestInsecurePaths(t *testing.T) {
 }
 }
 }
+
+func TestDisableInsecurePathCheck(t *testing.T) {
+ t.Setenv("GODEBUG", "tarinsecurepath=1")
+ var buf bytes.Buffer
+ tw := NewWriter(&buf)
+ const name = "/foo"
+ tw.WriteHeader(&Header{
+ Name: name,
+ })
+ tw.Close()
+ tr := NewReader(&buf)
+ h, err := tr.Next()
+ if err != nil {
+ t.Fatalf("tr.Next with tarinsecurepath=1: got err %v, want nil", err)
+ }
+ if h.Name != name {
+ t.Fatalf("tr.Next with tarinsecurepath=1: got name %q, want %q", h.Name, name)
+ }
+}
|
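Review bot: The new package-level `tarinsecurepath` in common.go (second hunk) is declared without a comment, just after the BUG note about Uid/Gid truncation, so a reader has to find its use in reader.go to learn that it switches off a security check. A comment at the declaration would make that visible, for example `// tarinsecurepath is the GODEBUG setting; the value "1" disables the ErrInsecurePath check in Reader.Next.`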
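Review bot: In reader.go's Next, the added `tarinsecurepath.Value() != "1"` condition is read from the process-wide GODEBUG setting, so enabling it removes the `filepath.IsLocal` check for every Reader in the process, including ones created by libraries. With the setting on, names such as `/foo` or `../foo` come back with a nil error and nothing at the call site signals it. Next's doc comment lies outside the hunk; if it does not already say so, it should state that GODEBUG=tarinsecurepath=1 disables ErrInsecurePath. It should also say that code writing entries to disk must still validate `hdr.Name`, for example with `filepath.IsLocal`, before joining it to a destination directory.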
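Review bot: TestDisableInsecurePathCheck in reader_test.go discards the errors from `tw.WriteHeader` and `tw.Close`, so a failure while building the archive would surface as a misleading `tr.Next` failure. Checking them, e.g. `if err := tw.Close(); err != nil { t.Fatal(err) }` and likewise for WriteHeader, keeps the failure at its cause. The test also exercises only the absolute name `/foo`; the `../foo` case that TestInsecurePaths lists is not covered with the setting enabled.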
