diff options
| author | Ćukasz Langa <lukasz@langa.pl> | 2021-09-29 10:56:14 (GMT) |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-09-29 10:56:14 (GMT) |
| commit | 7bff4d396f20451f20977be3ce23a879c6bc3e46 (patch) | |
| tree | 5f8e6931c6576b28f02be4b7cacd0458d07a5d66 | |
| parent | c6b5ceae3475d7782ed88f4e54bdb2232a8eb088 (diff) | |
| download | cpython-7bff4d396f20451f20977be3ce23a879c6bc3e46.zip cpython-7bff4d396f20451f20977be3ce23a879c6bc3e46.tar.gz cpython-7bff4d396f20451f20977be3ce23a879c6bc3e46.tar.bz2 | |
[3.9] bpo-39039: tarfile raises descriptive exception from zlib.error (GH-27766) (GH-28614)
* during tarfile parsing, a zlib error indicates invalid data
* tarfile.open now raises a descriptive exception from the zlib error
* this makes it clear to the user that they may be trying to open a
corrupted tar file.
(cherry picked from commit b6fe8572509b77d2002eaddf99d718e9b4835684)
Co-authored-by: Jack DeVries <58614260+jdevries3133@users.noreply.github.com>
| -rwxr-xr-x | Lib/tarfile.py | 9 | ||||
| -rw-r--r-- | Lib/test/test_tarfile.py | 14 | ||||
| -rw-r--r-- | Misc/NEWS.d/next/Library/2021-08-18-10-36-14.bpo-39039.A63LYh.rst | 2 |
3 files changed, 25 insertions, 0 deletions
diff --git a/Lib/tarfile.py b/Lib/tarfile.py index 1d15612..043a4ab 100755 --- a/Lib/tarfile.py +++ b/Lib/tarfile.py @@ -2345,6 +2345,15 @@ class TarFile(object): raise ReadError(str(e)) except SubsequentHeaderError as e: raise ReadError(str(e)) + except Exception as e: + try: + import zlib + if isinstance(e, zlib.error): + raise ReadError(f'zlib error: {e}') + else: + raise e + except ImportError: + raise e break if tarinfo is not None: diff --git a/Lib/test/test_tarfile.py b/Lib/test/test_tarfile.py index 6279309..06fb972 100644 --- a/Lib/test/test_tarfile.py +++ b/Lib/test/test_tarfile.py @@ -19,6 +19,10 @@ try: except ImportError: gzip = None try: + import zlib +except ImportError: + zlib = None +try: import bz2 except ImportError: bz2 = None @@ -686,6 +690,16 @@ class MiscReadTestBase(CommonReadTest): self.assertEqual(m1.offset, m2.offset) self.assertEqual(m1.get_info(), m2.get_info()) + @unittest.skipIf(zlib is None, "requires zlib") + def test_zlib_error_does_not_leak(self): + # bpo-39039: tarfile.open allowed zlib exceptions to bubble up when + # parsing certain types of invalid data + with unittest.mock.patch("tarfile.TarInfo.fromtarfile") as mock: + mock.side_effect = zlib.error + with self.assertRaises(tarfile.ReadError): + tarfile.open(self.tarname) + + class MiscReadTest(MiscReadTestBase, unittest.TestCase): test_fail_comp = None diff --git a/Misc/NEWS.d/next/Library/2021-08-18-10-36-14.bpo-39039.A63LYh.rst b/Misc/NEWS.d/next/Library/2021-08-18-10-36-14.bpo-39039.A63LYh.rst new file mode 100644 index 0000000..7250055 --- /dev/null +++ b/Misc/NEWS.d/next/Library/2021-08-18-10-36-14.bpo-39039.A63LYh.rst @@ -0,0 +1,2 @@ +tarfile.open raises :exc:`~tarfile.ReadError` when a zlib error occurs +during file extraction. |