[proxy] web.archive.org← back | site home | direct (HTTPS) ↗ | proxy home | ◑ dark◐ light

bpo-39017 Fix infinite loop in the tarfile module by rishi93 · Pull Request #21454 · python/cpython

rishi93

Conversation

Add a check for length = 0 in the _proc_pax function to avoid running into an infinite loop

Add relevant CVE number in inline comments

Co-authored-by: Petr Viktorin <encukou@gmail.com>
Replace code that is never called with pass in tarfile testcase

encukou merged commit 5a8d121 into python:master

Jul 15, 2020

10 checks passed

Azure Pipelines PR #20200714.5 succeeded

Details

bedevere/issue-number Issue number 39017 found

Details

bedevere/news News entry found in Misc/NEWS.d

continuous-integration/travis-ci/pr The Travis CI build passed

Details

miss-islington added a commit to miss-islington/cpython that referenced this pull request

Jul 15, 2020 
Avoid infinite loop when reading specially crafted TAR files using the tarfile module
(CVE-2019-20907).
(cherry picked from commit 5a8d121)

Co-authored-by: Rishi <rishi_devan@mail.com>

miss-islington added a commit to miss-islington/cpython that referenced this pull request

Jul 15, 2020 
Avoid infinite loop when reading specially crafted TAR files using the tarfile module
(CVE-2019-20907).
(cherry picked from commit 5a8d121)

Co-authored-by: Rishi <rishi_devan@mail.com>

miss-islington added a commit to miss-islington/cpython that referenced this pull request

Jul 15, 2020 
Avoid infinite loop when reading specially crafted TAR files using the tarfile module
(CVE-2019-20907).
(cherry picked from commit 5a8d121)

Co-authored-by: Rishi <rishi_devan@mail.com>

miss-islington added a commit to miss-islington/cpython that referenced this pull request

Jul 15, 2020 
Avoid infinite loop when reading specially crafted TAR files using the tarfile module
(CVE-2019-20907).
(cherry picked from commit 5a8d121)

Co-authored-by: Rishi <rishi_devan@mail.com>

miss-islington added a commit that referenced this pull request

Jul 15, 2020 
…GH-21482)

Avoid infinite loop when reading specially crafted TAR files using the tarfile module
(CVE-2019-20907).
(cherry picked from commit 5a8d121)


Co-authored-by: Rishi <rishi_devan@mail.com>

Automerge-Triggered-By: @encukou

miss-islington added a commit that referenced this pull request

Jul 15, 2020 
…GH-21483)

Avoid infinite loop when reading specially crafted TAR files using the tarfile module
(CVE-2019-20907).
(cherry picked from commit 5a8d121)


Co-authored-by: Rishi <rishi_devan@mail.com>

Automerge-Triggered-By: @encukou

ned-deily pushed a commit that referenced this pull request

Jul 15, 2020 
…1484)

Avoid infinite loop when reading specially crafted TAR files using the tarfile module
(CVE-2019-20907).
(cherry picked from commit 5a8d121)

Co-authored-by: Rishi <rishi_devan@mail.com>

ned-deily pushed a commit that referenced this pull request

Jul 15, 2020 
Avoid infinite loop when reading specially crafted TAR files using the tarfile module
(CVE-2019-20907).
(cherry picked from commit 5a8d121)

Co-authored-by: Rishi <rishi_devan@mail.com>

rishi93 deleted the rishi93:fix-issue-39017 branch

Jul 15, 2020

encukou added a commit that referenced this pull request

Jul 15, 2020 
Avoid infinite loop when reading specially crafted TAR files using the tarfile module
(CVE-2019-20907).
(cherry picked from commit 5a8d121)

Co-authored-by: Rishi <rishi_devan@mail.com>

larryhastings pushed a commit that referenced this pull request

Jul 16, 2020 
…#21489)

Avoid infinite loop when reading specially crafted TAR files using the tarfile module
(CVE-2019-20907).
(cherry picked from commit 5a8d121)

Co-authored-by: Rishi <rishi_devan@mail.com>

J-Arun-Mani added a commit to J-Arun-Mani/cpython that referenced this pull request

Jul 21, 2020 
Avoid infinite loop when reading specially crafted TAR files using the tarfile module
(CVE-2019-20907).

Closed

shihai1991 added a commit to shihai1991/cpython that referenced this pull request

Aug 4, 2020 
Avoid infinite loop when reading specially crafted TAR files using the tarfile module
(CVE-2019-20907).

shihai1991 added a commit to shihai1991/cpython that referenced this pull request

Aug 20, 2020 
Avoid infinite loop when reading specially crafted TAR files using the tarfile module
(CVE-2019-20907).

xzy3 pushed a commit to xzy3/cpython that referenced this pull request

Oct 18, 2020 
Avoid infinite loop when reading specially crafted TAR files using the tarfile module
(CVE-2019-20907).

chrisburr added a commit to chrisburr/cpython that referenced this pull request

Dec 9, 2020 
Avoid infinite loop when reading specially crafted TAR files using the tarfile module
(CVE-2019-20907).