[GitHub] [commons-compress] garydgregory commented on a diff in pull request #386: COMPRESS-644 -- do not allow zero by entries when detecting magic-less tar

Mon, 15 May 2023 10:04:42 -0700 


garydgregory commented on code in PR #386:
URL: https://github.com/apache/commons-compress/pull/386#discussion_r1194113644


##########
src/test/java/org/apache/commons/compress/DetectArchiverTestCase.java:
##########
@@ -141,4 +145,17 @@ public void testEmptyJarArchive() throws Exception {
     public void testEmptyZipArchive() throws Exception {
         checkEmptyArchive("zip");
     }
+
+    @Test
+    public void ignoreZeroByteEntryInTarDetect_COMPRESS644() throws 
IOException {
+        try (final InputStream in =
+                     new BufferedInputStream(Files.newInputStream(
+                             Paths.get("src/test/resources/org/apache/commons" 
+
+                             "/compress/COMPRESS-644/ARW05UP.ICO")))) {
+            ArchiveStreamFactory.detect(in);
+            fail("should have thrown ArchiveException");
+        } catch (ArchiveException e) {

Review Comment:
   Use assertThrows().



##########
src/main/java/org/apache/commons/compress/archivers/ArchiveStreamFactory.java:
##########
@@ -268,7 +269,16 @@ public static String detect(final InputStream in) throws 
ArchiveException {
             try {
                 tais = new TarArchiveInputStream(new 
ByteArrayInputStream(tarHeader));
                 // COMPRESS-191 - verify the header checksum
-                if (tais.getNextTarEntry().isCheckSumOK()) {
+                // COMPRESS-644 - do not allow zero byte file entries
+                TarArchiveEntry tae = tais.getNextTarEntry();
+                //try to find the first non-directory entry within the first 
10 entries.
+                int max = 10;
+                int count = 0;
+                while (tae != null && tae.isDirectory() && count++ < max) {
+                    tae = tais.getNextTarEntry();
+                }
+                if (tae != null && !tae.isDirectory()
+                        && tae.getSize() > 0l && tae.isCheckSumOK()) {

Review Comment:
   01?



##########
src/main/java/org/apache/commons/compress/archivers/ArchiveStreamFactory.java:
##########
@@ -268,7 +269,16 @@ public static String detect(final InputStream in) throws 
ArchiveException {
             try {
                 tais = new TarArchiveInputStream(new 
ByteArrayInputStream(tarHeader));
                 // COMPRESS-191 - verify the header checksum
-                if (tais.getNextTarEntry().isCheckSumOK()) {
+                // COMPRESS-644 - do not allow zero byte file entries
+                TarArchiveEntry tae = tais.getNextTarEntry();
+                //try to find the first non-directory entry within the first 
10 entries.
+                int max = 10;

Review Comment:
   What makes 10 special? Needs a comment or a better a Javadoc comment for a 
new constant.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Reply via email to