Index: Lib/tarfile.py
===================================================================
--- Lib/tarfile.py (revision 53101)
+++ Lib/tarfile.py (working copy)
@@ -145,7 +145,10 @@
 # There are two possible encodings for a number field, see
 # itn() below.
 if s[0] != chr(0200):
- n = int(s.rstrip(NUL + " ") or "0", 8)
+ try:
+ n = int(s.rstrip(NUL + " ") or "0", 8)
+ except ValueError:
+ raise HeaderError("invalid header")
 else:
 n = 0L
 for i in xrange(len(s) - 1):
@@ -826,11 +829,7 @@
 if buf.count(NUL) == BLOCKSIZE:
 raise HeaderError("empty header")
 
- try:
- chksum = nti(buf[148:156])
- except ValueError:
- raise HeaderError("invalid header")
-
+ chksum = nti(buf[148:156])
 if chksum not in calc_chksums(buf):
 raise HeaderError("bad checksum")
 
Index: Lib/test/test_tarfile.py
===================================================================
--- Lib/test/test_tarfile.py (revision 53101)
+++ Lib/test/test_tarfile.py (working copy)
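Review bot: In the first Lib/tarfile.py hunk, the new `try`/`except ValueError` around `int(s.rstrip(NUL + " ") or "0", 8)` still accepts a signed field, because `int()` parses a leading `-` or `+`, so an octal header field can come back negative without raising. These fields are read from archive data that may be untrusted, so the octal branch should reject that case too, for example `if n < 0: raise HeaderError("invalid header")` right after the conversion. Whether a negative value is actually harmful depends on how the callers use the result, which is not visible here; the function (presumably nti()) starts and ends outside the hunk.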
@@ -601,7 +601,29 @@ self.assertEqual(tarfile.filemode(0755), '-rwxr-xr-x') self.assertEqual(tarfile.filemode(07111), '---s--s--t') +class HeaderErrorTest(unittest.TestCase): + def test_truncated_header(self): + self.assertRaises(tarfile.HeaderError, tarfile.TarInfo.frombuf, "") + self.assertRaises(tarfile.HeaderError, tarfile.TarInfo.frombuf, "filename\0") + self.assertRaises(tarfile.HeaderError, tarfile.TarInfo.frombuf, "\0" * 511) + self.assertRaises(tarfile.HeaderError, tarfile.TarInfo.frombuf, "\0" * 513) + + def test_empty_header(self): + self.assertRaises(tarfile.HeaderError, tarfile.TarInfo.frombuf, "\0" * 512) + + def test_invalid_header(self): + buf = tarfile.TarInfo("filename").tobuf() + buf = buf[:148] + "foo\0\0\0\0\0" + buf[156:] # invalid number field. + self.assertRaises(tarfile.HeaderError, tarfile.TarInfo.frombuf, buf) + + def test_bad_checksum(self): + buf = tarfile.TarInfo("filename").tobuf() + b = buf[:148] + " " + buf[156:] # clear the checksum field. + self.assertRaises(tarfile.HeaderError, tarfile.TarInfo.frombuf, b) + b = "a" + buf[1:] # manipulate the buffer, so checksum won't match. + self.assertRaises(tarfile.HeaderError, tarfile.TarInfo.frombuf, b) + if bz2: # Bzip2 TestCases class ReadTestBzip2(ReadTestGzip): @@ -646,6 +668,7 @@ tests = [ FileModeTest, + HeaderErrorTest, ReadTest, ReadStreamTest, ReadDetectTest,
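Review bot: `test_invalid_header` corrupts only bytes 148:156, the checksum field, which `frombuf` already converted to HeaderError before this change (see the removed `try`/`except` in Lib/tarfile.py), so the test would pass without the new handler in `nti()`. The other number fields, which are the ones that newly raise HeaderError, are not exercised. Add a direct check such as `self.assertRaises(tarfile.HeaderError, tarfile.nti, "foo\0\0\0\0\0")`, or corrupt a different number field and recompute the checksum before calling `frombuf`, so a regression in the conversion is caught.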