archive/tar: fix bugs with sparseFileReader - go - Fork of Go programming language with my patches.

diff options

author	Joe Tsai <joetsai@digital-static.net>	2015-09-28 16:38:16 -0700
committer	Andrew Gerrand <adg@golang.org>	2015-10-01 00:51:15 +0000
commit	79480ca07a1515223d49031c59ae37b662f45b5e (patch)
tree	af4d49333eef2d77f255aa9314225fa423cc8037 /src/html/template
parent	b1797390b95d1ffd3d97b19532bf451719d42fd5 (diff)
download	go-79480ca07a1515223d49031c59ae37b662f45b5e.tar.xz

archive/tar: fix bugs with sparseFileReader

The sparseFileReader is prone to two different forms of denial-of-service attacks: * A malicious tar file can cause an infinite loop * A malicious tar file can cause arbitrary panics This results because of poor error checking/handling, which this CL fixes. While we are at it, add a plethora of unit tests to test for possible malicious inputs. Change-Id: I2f9446539d189f3c1738a1608b0ad4859c1be929 Reviewed-on: https://go-review.googlesource.com/15115 Reviewed-by: Andrew Gerrand <adg@golang.org> Run-TryBot: Andrew Gerrand <adg@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org>

Diffstat (limited to 'src/html/template')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: