classification
Title: tarfile.TarInfo.fromtarfile does not check read() return value
Type: behavior Stage: resolved
Components: Versions: Python 3.4, Python 3.5, Python 2.7
process
Status: closed Resolution: not a bug
Dependencies: Superseder:
Assigned To: lars.gustaebel Nosy List: BreamoreBoy, lars.gustaebel, socketpair
Priority: normal Keywords:

Created on 2013-01-04 07:55 by socketpair, last changed 2014-07-18 14:30 by lars.gustaebel. This issue is now closed.

Messages (3)
msg179006 - (view) Author: Марк Коренберг (socketpair) * Date: 2013-01-04 07:55
tarfile.TarInfo.fromtarfile does not check read() return value.
read() may return less than requested size, so,

buf = tarfile.fileobj.read(BLOCKSIZE)
...
obj.offset = tarfile.fileobj.tell() - BLOCKSIZE

may do something nasty.
msg223125 - (view) Author: Mark Lawrence (BreamoreBoy) * Date: 2014-07-15 17:20
@Lars can we have a comment on this please.
msg223412 - (view) Author: Lars Gustäbel (lars.gustaebel) * (Python committer) Date: 2014-07-18 14:30
The size of the buffer returned by TarInfo.fromtarfile() is checked by TarInfo.frombuf() which raises either an EmptyHeaderError or TruncatedHeaderError respectively.
History
Date User Action Args
2014-07-18 14:30:48lars.gustaebelsetstatus: open -> closed
messages: + msg223412

assignee: lars.gustaebel
resolution: not a bug
stage: resolved
2014-07-15 17:20:30BreamoreBoysetversions: + Python 2.7, Python 3.4, Python 3.5
nosy: + BreamoreBoy

messages: + msg223125

type: behavior
2013-01-04 08:07:58ned.deilysetnosy: + lars.gustaebel
2013-01-04 07:55:22socketpaircreate