Cypherpunks repositories - gostls13.git/commit
archive/tar: fix numeric overflow issues in readGNUSparseMap0x1
author Joe Tsai <joetsai@digital-static.net>
Thu, 1 Oct 2015 08:04:24 +0000 (01:04 -0700)
committer Brad Fitzpatrick <bradfitz@golang.org>
Tue, 6 Oct 2015 17:49:05 +0000 (17:49 +0000)
commit e4add8d569d3152a461dbdf6e086dd60c8ca6c27
tree 82bd7547da45cb82cc9ff16e36d37fbbb0252248
parent 281eabe46f638139b8d85d87a359880dc0f8ea81
archive/tar: fix numeric overflow issues in readGNUSparseMap0x1

Motivation:
* The logic to verify the numEntries can overflow and incorrectly
pass, allowing a malicious file to allocate arbitrary memory.
* The use of strconv.ParseInt does not set the integer precision
to 64bit, causing this code to work incorrectly on 32bit machines.

Change-Id: I1b1571a750a84f2dde97cc329ed04fe2342aaa60
Reviewed-on: https://go-review.googlesource.com/15173
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
src/archive/tar/reader.go
src/archive/tar/reader_test.go
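The two points in the commit message, shown as an added example that is not the Go project's code: an entry count taken from an untrusted header is parsed with an explicit 64-bit size, range-checked so that doubling it cannot wrap, and compared against the data actually present before anything is allocated. The names `parseSparseMap`, `sparseEntry` and `errHeader`, and the comma-separated offset,size layout of the map string, are assumptions made for this illustration.

```go
package main

import (
	"errors"
	"fmt"
	"math"
	"strconv"
	"strings"
)

var errHeader = errors.New("sparse map: invalid header")

type sparseEntry struct{ offset, numBytes int64 }

// parseSparseMap (hypothetical helper) checks a declared entry count against
// the fields really present, so the count alone never sizes an allocation.
func parseSparseMap(numEntriesStr, sparseMap string) ([]sparseEntry, error) {
	// Explicit bitSize 64: identical behaviour on 32-bit and 64-bit builds.
	numEntries, err := strconv.ParseInt(numEntriesStr, 10, 64)
	if err != nil || numEntries < 0 || numEntries > math.MaxInt64/2 {
		return nil, errHeader // 2*numEntries would be negative or wrap
	}
	fields := strings.Split(sparseMap, ",")
	if int64(len(fields)) != 2*numEntries {
		return nil, errHeader
	}
	sp := make([]sparseEntry, 0, len(fields)/2) // sized from real data
	for i := 0; i < len(fields); i += 2 {
		off, err1 := strconv.ParseInt(fields[i], 10, 64)
		n, err2 := strconv.ParseInt(fields[i+1], 10, 64)
		// Reject negative values and entries whose end offset overflows.
		if err1 != nil || err2 != nil || off < 0 || n < 0 || off > math.MaxInt64-n {
			return nil, errHeader
		}
		sp = append(sp, sparseEntry{off, n})
	}
	return sp, nil
}

func main() {
	// Constructed inputs: one well-formed map, one with an oversized count.
	fmt.Println(parseSparseMap("2", "0,512,1024,512"))
	fmt.Println(parseSparseMap("4611686018427387905", "0,512"))
}
```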