mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-11-13 23:46:24 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 12

bpo-39039: tarfile raises descriptive exception from zlib.error (GH-27766)

Browse source 
* during tarfile parsing, a zlib error indicates invalid data
* tarfile.open now raises a descriptive exception from the zlib error
* this makes it clear to the user that they may be trying to open a
  corrupted tar file
This commit is contained in:
Jack DeVries 2021-09-29 05:25:48 -04:00 committed by GitHub
parent 233b9da07d
commit b6fe857250
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 25 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

9
Lib/tarfile.py
View file

@ -2349,6 +2349,15 @@ class TarFile(object):
raise ReadError(str(e)) from None raise ReadError(str(e)) from None
except SubsequentHeaderError as e: except SubsequentHeaderError as e:
raise ReadError(str(e)) from None raise ReadError(str(e)) from None
except Exception as e:
try:
import zlib
if isinstance(e, zlib.error):
raise ReadError(f'zlib error: {e}') from None
else:
raise e
except ImportError:
raise e
break break
if tarinfo is not None: if tarinfo is not None:

14
Lib/test/test_tarfile.py
View file

@ -19,6 +19,10 @@ try:
import gzip import gzip
except ImportError: except ImportError:
gzip = None gzip = None
try:
import zlib
except ImportError:
zlib = None
try: try:
import bz2 import bz2
except ImportError: except ImportError:
@ -687,6 +691,16 @@ class MiscReadTestBase(CommonReadTest):
self.assertEqual(m1.offset, m2.offset) self.assertEqual(m1.offset, m2.offset)
self.assertEqual(m1.get_info(), m2.get_info()) self.assertEqual(m1.get_info(), m2.get_info())
@unittest.skipIf(zlib is None, "requires zlib")
def test_zlib_error_does_not_leak(self):
# bpo-39039: tarfile.open allowed zlib exceptions to bubble up when
# parsing certain types of invalid data
with unittest.mock.patch("tarfile.TarInfo.fromtarfile") as mock:
mock.side_effect = zlib.error
with self.assertRaises(tarfile.ReadError):
tarfile.open(self.tarname)
class MiscReadTest(MiscReadTestBase, unittest.TestCase): class MiscReadTest(MiscReadTestBase, unittest.TestCase):
test_fail_comp = None test_fail_comp = None

2
Misc/NEWS.d/next/Library/2021-08-18-10-36-14.bpo-39039.A63LYh.rst Normal file
View file

@ -0,0 +1,2 @@
tarfile.open raises :exc:`~tarfile.ReadError` when a zlib error occurs
during file extraction.