mirror of https://github.com/golang/go synced 2024-11-14 20:20:30 -07:00
go/src/archive
Joe Tsai e4add8d569 archive/tar: fix numeric overflow issues in readGNUSparseMap0x1
Motivation:
* The logic to verify the numEntries can overflow and incorrectly
  pass, allowing a malicious file to allocate arbitrary memory.
* The use of strconv.ParseInt does not set the integer precision
  to 64bit, causing this code to work incorrectly on 32bit machines.

Change-Id: I1b1571a750a84f2dde97cc329ed04fe2342aaa60
Reviewed-on: https://go-review.googlesource.com/15173
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
2015-10-06 17:49:05 +00:00
tar archive/tar: fix numeric overflow issues in readGNUSparseMap0x1 2015-10-06 17:49:05 +00:00
zip archive/zip: fixes unexpected EOF when reading archive 2015-09-11 00:32:59 +00:00