Cypherpunks repositories - gostls13.git/commit
archive/tar: fix bugs with sparseFileReader
author Joe Tsai <joetsai@digital-static.net>
Mon, 28 Sep 2015 23:38:16 +0000 (16:38 -0700)
committer Andrew Gerrand <adg@golang.org>
Thu, 1 Oct 2015 00:51:15 +0000 (00:51 +0000)
commit 79480ca07a1515223d49031c59ae37b662f45b5e
tree af4d49333eef2d77f255aa9314225fa423cc8037
parent b1797390b95d1ffd3d97b19532bf451719d42fd5
archive/tar: fix bugs with sparseFileReader

The sparseFileReader is prone to two different forms of
denial-of-service attacks:
* A malicious tar file can cause an infinite loop
* A malicious tar file can cause arbitrary panics

This results because of poor error checking/handling, which this
CL fixes. While we are at it, add a plethora of unit tests to
test for possible malicious inputs.

Change-Id: I2f9446539d189f3c1738a1608b0ad4859c1be929
Reviewed-on: https://go-review.googlesource.com/15115
Reviewed-by: Andrew Gerrand <adg@golang.org>
Run-TryBot: Andrew Gerrand <adg@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
src/archive/tar/reader.go
src/archive/tar/reader_test.go