File CVE-2019-20907_tarfile-inf-loop.patch of Package python3-base.17367

Overview Repositories Revisions Requests Users Attributes Meta

File CVE-2019-20907_tarfile-inf-loop.patch of Package python3-base.17367

From 1fa6ef2bc7cee1c8e088dd8b397d9b2d54036dbc Mon Sep 17 00:00:00 2001
From: Rajarishi Devarajan <rishi93dev@gmail.com>
Date: Sun, 12 Jul 2020 23:47:42 +0200
Subject: [PATCH 1/4] bpo-39017 Fix infinite loop in the tarfile module

Add a check for length = 0 in the _proc_pax function to avoid running into an infinite loop
---
 Lib/tarfile.py           |   2 ++
 Lib/test/test_tarfile.py |   5 +++++
 3 files changed, 7 insertions(+)
 create mode 100644 Lib/test/recursion.tar

--- a/Lib/tarfile.py
+++ b/Lib/tarfile.py
@@ -1226,6 +1226,8 @@ class TarInfo(object):
 
             length, keyword = match.groups()
             length = int(length)
+            if length == 0:
+                raise InvalidHeaderError("invalid header")
             value = buf[match.end(2) + 1:match.start(1) + length - 1]
 
             # Normally, we could just use "utf-8" as the encoding and "strict"
--- a/Lib/test/test_tarfile.py
+++ b/Lib/test/test_tarfile.py
@@ -297,6 +297,14 @@ class Bz2ListTest(Bz2Test, ListTest):
 class LzmaListTest(LzmaTest, ListTest):
     pass
 
+    def test_length_zero_header(self):
+        # bpo-39017 (CVE-2019-20907): reading a zero-length header should fail
+        # with an exception
+        with self.assertRaisesRegex(tarfile.ReadError, "file could not be opened successfully"):
+            with tarfile.open(support.findfile('recursion.tar')) as tar:
+                pass
+
+
 
 class CommonReadTest(ReadTest):
 
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2020-07-12-22-16-58.bpo-39017.x3Cg-9.rst
@@ -0,0 +1 @@
+Avoid infinite loop when reading specially crafted TAR files using the tarfile module (CVE-2019-20907).

Places

File CVE-2019-20907_tarfile-inf-loop.patch of Package python3-base.17367

Places