Lars Gustäbel added the comment:
The size of the buffer returned by TarInfo.fromtarfile() is checked by
TarInfo.frombuf() which raises either an EmptyHeaderError or
TruncatedHeaderError respectively.
--
assignee: - lars.gustaebel
resolution: - not a bug
stage: - resolved
status:
Mark Lawrence added the comment:
@Lars can we have a comment on this please.
--
nosy: +BreamoreBoy
type: - behavior
versions: +Python 2.7, Python 3.4, Python 3.5
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue16859
Changes by Ned Deily n...@acm.org:
--
nosy: +lars.gustaebel
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue16859
___
___
Python-bugs-list mailing
New submission from Марк Коренберг:
tarfile.TarInfo.fromtarfile does not check read() return value.
read() may return less than requested size, so,
buf = tarfile.fileobj.read(BLOCKSIZE)
...
obj.offset = tarfile.fileobj.tell() - BLOCKSIZE
may do something nasty.
--
messages: 179006
