archive/tar: handle integer overflow on 32bit machines

Most calls to strconv.ParseInt(x, 10, 0) should really be
calls to strconv.ParseInt(x, 10, 64) in order to ensure that they
do not overflow on 32b architectures.

Furthermore, we should document a bug where Uid and Gid may
overflow on 32b machines since the type is declared as int.

Change-Id: I99c0670b3c2922e4a9806822d9ad37e1a364b2b8
Reviewed-on: https://go-review.googlesource.com/28472
Run-TryBot: Joe Tsai <thebrokentoaster@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>

diff --git a/src/archive/tar/common.go b/src/archive/tar/common.go
index 38997fe7543d6cba55c7cf91befe9ba1f4513a34..d2ae66d554d400d90721bad110a4ffa9b427d559 100644 (file)
--- a/src/archive/tar/common.go
+++ b/src/archive/tar/common.go
@@ -20,6 +20,10 @@ import (
        "time"
 )
 
+// BUG: Use of the Uid and Gid fields in Header could overflow on 32-bit
+// architectures. If a large value is encountered when decoding, the result
+// stored in Header will be the truncated version.
+
 // Header type flags.
 const (
        TypeReg           = '0'    // regular file

diff --git a/src/archive/tar/reader.go b/src/archive/tar/reader.go
index 462fb8d5d472a002e3ec91b0a3130648f20a1bf1..4eff314c763b3d5e2272098ed7ebb2650e22f9d9 100644 (file)
--- a/src/archive/tar/reader.go
+++ b/src/archive/tar/reader.go
@@ -269,13 +269,13 @@ func (tr *Reader) checkForGNUSparsePAXHeaders(hdr *Header, headers map[string]st
                hdr.Name = sparseName
        }
        if sparseSizeOk {
-               realSize, err := strconv.ParseInt(sparseSize, 10, 0)
+               realSize, err := strconv.ParseInt(sparseSize, 10, 64)
                if err != nil {
                        return nil, ErrHeader
                }
                hdr.Size = realSize
        } else if sparseRealSizeOk {
-               realSize, err := strconv.ParseInt(sparseRealSize, 10, 0)
+               realSize, err := strconv.ParseInt(sparseRealSize, 10, 64)
                if err != nil {
                        return nil, ErrHeader
                }
@@ -312,11 +312,11 @@ func mergePAX(hdr *Header, headers map[string]string) (err error) {
                case paxGname:
                        hdr.Gname = v
                case paxUid:
-                       id64, err = strconv.ParseInt(v, 10, 0)
-                       hdr.Uid = int(id64)
+                       id64, err = strconv.ParseInt(v, 10, 64)
+                       hdr.Uid = int(id64) // Integer overflow possible
                case paxGid:
-                       id64, err = strconv.ParseInt(v, 10, 0)
-                       hdr.Gid = int(id64)
+                       id64, err = strconv.ParseInt(v, 10, 64)
+                       hdr.Gid = int(id64) // Integer overflow possible
                case paxAtime:
                        hdr.AccessTime, err = parsePAXTime(v)
                case paxMtime:
@@ -324,7 +324,7 @@ func mergePAX(hdr *Header, headers map[string]string) (err error) {
                case paxCtime:
                        hdr.ChangeTime, err = parsePAXTime(v)
                case paxSize:
-                       hdr.Size, err = strconv.ParseInt(v, 10, 0)
+                       hdr.Size, err = strconv.ParseInt(v, 10, 64)
                default:
                        if strings.HasPrefix(k, paxXattr) {
                                if hdr.Xattrs == nil {