File CVE-2019-20907_tarfile-inf-loop.patch of Package python-base.33824

Overview Repositories Revisions Requests Users Attributes Meta

File CVE-2019-20907_tarfile-inf-loop.patch of Package python-base.33824

From 1fa6ef2bc7cee1c8e088dd8b397d9b2d54036dbc Mon Sep 17 00:00:00 2001
From: Rajarishi Devarajan <rishi93dev@gmail.com>
Date: Sun, 12 Jul 2020 23:47:42 +0200
Subject: [PATCH 1/4] bpo-39017 Fix infinite loop in the tarfile module

Add a check for length = 0 in the _proc_pax function to avoid running into an infinite loop
---
 Lib/tarfile.py                                                    |    2 ++
 Lib/test/test_tarfile.py                                          |    5 +++++
 Misc/NEWS.d/next/Library/2020-07-12-22-16-58.bpo-39017.x3Cg-9.rst |    1 +
 3 files changed, 8 insertions(+)
 create mode 100644 Lib/test/recursion.tar

--- a/Lib/tarfile.py
+++ b/Lib/tarfile.py
@@ -1400,6 +1400,8 @@ class TarInfo(object):
 
             length, keyword = match.groups()
             length = int(length)
+            if length == 0:
+                raise InvalidHeaderError("invalid header")
             value = buf[match.end(2) + 1:match.start(1) + length - 1]
 
             keyword = keyword.decode("utf8")
--- a/Lib/test/test_tarfile.py
+++ b/Lib/test/test_tarfile.py
@@ -321,6 +321,11 @@ class CommonReadTest(ReadTest):
                 with self.assertRaisesRegexp(tarfile.ReadError, "unexpected end of data"):
                     tar.extractfile(t).read()
 
+    def test_length_zero_header(self):
+        # bpo-39017 (CVE-2019-20907): reading a zero-length header should fail
+        # with an exception
+        self.assertRaises(tarfile.ReadError, tarfile.open, test_support.findfile('recursion.tar'))
+
 
 class MiscReadTest(CommonReadTest):
     taropen = tarfile.TarFile.taropen
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2020-07-12-22-16-58.bpo-39017.x3Cg-9.rst
@@ -0,0 +1 @@
+Avoid infinite loop when reading specially crafted TAR files using the tarfile module (CVE-2019-20907).

Places

File CVE-2019-20907_tarfile-inf-loop.patch of Package python-base.33824

Places