diff --git a/Lib/tarfile.py b/Lib/tarfile.py index 00789f36a7a..ccbfdde6ede 100644 --- a/Lib/tarfile.py +++ b/Lib/tarfile.py @@ -145,7 +145,10 @@ def nti(s): # There are two possible encodings for a number field, see # itn() below. if s[0] != chr(0200): - n = int(s.rstrip(NUL + " ") or "0", 8) + try: + n = int(s.rstrip(NUL + " ") or "0", 8) + except ValueError: + raise HeaderError("invalid header") else: n = 0L for i in xrange(len(s) - 1): @@ -826,11 +829,7 @@ class TarInfo(object): if buf.count(NUL) == BLOCKSIZE: raise HeaderError("empty header") - try: - chksum = nti(buf[148:156]) - except ValueError: - raise HeaderError("invalid header") - + chksum = nti(buf[148:156]) if chksum not in calc_chksums(buf): raise HeaderError("bad checksum") diff --git a/Lib/test/test_tarfile.py b/Lib/test/test_tarfile.py index 2685d67819c..56cc919e93c 100644 --- a/Lib/test/test_tarfile.py +++ b/Lib/test/test_tarfile.py @@ -601,6 +601,28 @@ class FileModeTest(unittest.TestCase): self.assertEqual(tarfile.filemode(0755), '-rwxr-xr-x') self.assertEqual(tarfile.filemode(07111), '---s--s--t') +class HeaderErrorTest(unittest.TestCase): + + def test_truncated_header(self): + self.assertRaises(tarfile.HeaderError, tarfile.TarInfo.frombuf, "") + self.assertRaises(tarfile.HeaderError, tarfile.TarInfo.frombuf, "filename\0") + self.assertRaises(tarfile.HeaderError, tarfile.TarInfo.frombuf, "\0" * 511) + self.assertRaises(tarfile.HeaderError, tarfile.TarInfo.frombuf, "\0" * 513) + + def test_empty_header(self): + self.assertRaises(tarfile.HeaderError, tarfile.TarInfo.frombuf, "\0" * 512) + + def test_invalid_header(self): + buf = tarfile.TarInfo("filename").tobuf() + buf = buf[:148] + "foo\0\0\0\0\0" + buf[156:] # invalid number field. + self.assertRaises(tarfile.HeaderError, tarfile.TarInfo.frombuf, buf) + + def test_bad_checksum(self): + buf = tarfile.TarInfo("filename").tobuf() + b = buf[:148] + " " + buf[156:] # clear the checksum field. + self.assertRaises(tarfile.HeaderError, tarfile.TarInfo.frombuf, b) + b = "a" + buf[1:] # manipulate the buffer, so checksum won't match. + self.assertRaises(tarfile.HeaderError, tarfile.TarInfo.frombuf, b) if bz2: # Bzip2 TestCases @@ -646,6 +668,7 @@ def test_main(): tests = [ FileModeTest, + HeaderErrorTest, ReadTest, ReadStreamTest, ReadDetectTest,