File: sptrcreat.at

package info (click to toggle)
tar 1.30+dfsg-5
  • links: PTS, VCS
  • area: main
  • in suites: sid
  • size: 18,352 kB
  • sloc: ansic: 77,395; sh: 52,672; yacc: 1,842; makefile: 479; sed: 16
file content (62 lines) | stat: -rw-r--r-- 2,092 bytes parent folder | download | duplicates (2)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
# Process this file with autom4te to create testsuite. -*- Autotest -*-

# Test suite for GNU tar.
# Copyright 2018 Free Software Foundation, Inc.

# This file is part of GNU tar.

# GNU tar is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.

# GNU tar is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.

# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

# Tar up to 1.30 would loop endlessly if a sparse file had been truncated
# while being archived (with --sparse flag).
#
# The bug has been assigned id CVE-2018-20482 (on the grounds that it is a
# denial of service possibility).
# 
# Reported by: Chris Siebenmann <cks.gnutar-01@cs.toronto.edu>
# References: <20181226223948.781EB32008E@apps1.cs.toronto.edu>,
#   <http://lists.gnu.org/archive/html/bug-tar/2018-12/msg00023.html>
#   <https://utcc.utoronto.ca/~cks/space/blog/sysadmin/TarFindingTruncateBug>
#   <https://nvd.nist.gov/vuln/detail/CVE-2018-20482>

AT_SETUP([sparse file truncated while archiving])
AT_KEYWORDS([truncate filechange sparse sptr sptrcreat])

AT_TAR_CHECK([
genfile --sparse --block-size=1024 --file foo \
  0 ABCDEFGHIJ 1M ABCDEFGHIJ 10M ABCDEFGHIJ 200M ABCDEFGHIJ
genfile --file baz
genfile --run --checkpoint 3 --length 200m --truncate foo -- \
 tar --checkpoint=1 \
     --checkpoint-action=echo \
     --checkpoint-action=sleep=1 \
     --sparse -vcf bar foo baz
echo Exit status: $?
echo separator
genfile --file foo --seek 200m --length 11575296 --pattern=zeros
tar dvf bar],
[1],
[foo
baz
Exit status: 1
separator
foo
foo: Mod time differs
baz
],
[tar: foo: File shrank by 11575296 bytes; padding with zeros
],
[],[],[posix, gnu, oldgnu])

AT_CLEANUP