Re: [Bug-tar] [PATCH 0/2] tar: checksum collision


From: Alexander Kolesen
Subject: Re: [Bug-tar] [PATCH 0/2] tar: checksum collision
Date: Thu, 9 Jan 2014 17:27:59 +0300
User-agent: Mutt/1.5.22 (2013-10-16)

Hey folks, any response on this?

> Hello,
> 
> I've bumped into strange tar behavior - it's unable to decompress a 
> previously compressed archive:
> 
>  % file test.tar.gz
> test.tar.gz: gzip compressed data, from Unix, last modified: Fri Dec 21 13:00:50 2012
>  % tar -xf test.tar.gz -C out && echo "Success"
> tar: This does not look like a tar archive
> tar: Exiting with failure status due to previous errors
>  % tar -xf test.tar.gz && echo "Success"
> Success
> 
> Here's the content of the file. It contains nothing but an empty directory:
>  % cat test.tar.gz | base64
> H4sIAFIz1FAAA+3PMQqDQBCF4TnK3sAZddzjiAERCaywccn1NUUghWgjqf6vecW84s2cl/Re8nPM
> /WsdpjlNldxNdzH6Jy26/uaXWK2da2Nem6i1rXUS/PYlB8r+dg5ByqOktZz0Lu4AAAAAAAAAAAAA
> AAAAAPzRBndnEVwAKAAA
> 
> I've done some quick research and found out that the src/list.c:tar_checksum function
> wrongly interprets this file as a plain tar archive instead of a gzipped tar due
> to a checksum collision (signed_sum == recorded_sum == 0):
> 
> (gdb) run -xvf ../iw.tgz.bak
> Starting program: /home/m0use/work/tar-bug/tar/src/tar -xvf ../iw.tgz.bak
> warning: Could not load shared library symbols for linux-vdso.so.1.
> Do you need "set solib-search-path" or "set sysroot"?
> 
> Breakpoint 1, tar_checksum (header=<optimized out>, address@hidden) at list.c:350
> 350       if (unsigned_sum != recorded_sum && signed_sum != recorded_sum)
> (gdb) p signed_sum
> $1 = 0
> (gdb) p recorded_sum
> $2 = 0
> 
> So, the tar_checksum function returns HEADER_SUCCESS in the case of a gzipped tar file, 
> which is wrong.
> Here's a couple of patches which fix the case from my perspective.
> Please, review when you have a chance.
> Thanks!
> 
> 
> Alexander Kolesen (2):
>   check_compressed_archive: check for compressed signatures first prior
>     to checking tar checksum
>   init_buffer: zero-fill allocated memory to prevent examing a junk
> 
>  src/buffer.c | 14 +++++++++-----
>  1 file changed, 9 insertions(+), 5 deletions(-)

Attachment: signature.asc
Description: Digital signature
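
An added example, not part of the original message and not GNU tar's own code: a simplified C model of the checksum comparison seen at the gdb breakpoint, run over a constructed 512-byte block that starts with the gzip magic, beside the signature-first ordering named in the first patch title. `looks_like_tar`, `classify`, `COLLIDING` and the block contents are assumptions made for illustration; an all-NUL checksum field parsing as 0 is taken from the `recorded_sum` value in the gdb output.

```c
#include <stdio.h>

#define BLOCK 512
#define CHKSUM_OFF 148 /* chksum field offset in a tar header */
#define CHKSUM_END 156 /* the field is 8 bytes long */

enum kind { KIND_UNKNOWN, KIND_TAR, KIND_GZIP };

/* Constructed sample: gzip magic plus two bytes chosen so that the signed
   byte sum is -256; the remaining bytes, chksum field included, are NUL. */
static const unsigned char COLLIDING[BLOCK] = { 0x1f, 0x8b, 0x08, 0x80, 0xce };

/* Simplified model of the comparison at the gdb breakpoint: sum the block
   with chksum counted as blanks, compare with the recorded octal value.
   Assumption: an all-NUL field parses as 0, as in the gdb output. */
static int looks_like_tar(const unsigned char *b)
{
    int unsigned_sum = 0, signed_sum = 0, recorded_sum = 0, i;
    for (i = 0; i < BLOCK; i++) {
        unsigned char c = (i >= CHKSUM_OFF && i < CHKSUM_END) ? ' ' : b[i];
        unsigned_sum += c;
        signed_sum += (signed char) c; /* bytes >= 0x80 count as negative */
    }
    for (i = CHKSUM_OFF; i < CHKSUM_END && b[i] == ' '; i++)
        ;
    for (; i < CHKSUM_END && b[i] >= '0' && b[i] <= '7'; i++)
        recorded_sum = recorded_sum * 8 + (b[i] - '0');
    return unsigned_sum == recorded_sum || signed_sum == recorded_sum;
}

/* magic_first = 0: the checksum decides first; 1: signatures are tried first. */
static enum kind classify(const unsigned char *b, int magic_first)
{
    int gz = b[0] == 0x1f && b[1] == 0x8b; /* only gzip is modelled here */
    if (magic_first && gz)
        return KIND_GZIP;
    if (looks_like_tar(b))
        return KIND_TAR;
    return gz ? KIND_GZIP : KIND_UNKNOWN;
}

int main(void)
{
    printf("checksum first: %d, signature first: %d\n",
           classify(COLLIDING, 0), classify(COLLIDING, 1));
    return 0;
}
```

In the constructed block the signed sum is 31 - 117 + 8 - 128 - 50 = -256, which the eight blanks substituted for the checksum field (8 x 32 = 256) bring to exactly 0, matching the recorded value of 0.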