bpo-39017 Fix infinite loop in the tarfile module#21454

rishi93 · 2020-07-12T22:04:35Z

Add a check for length = 0 in the _proc_pax function to avoid running into an infinite loop

https://bugs.python.org/issue39017

Add a check for length = 0 in the _proc_pax function to avoid running into an infinite loop

encukou

Could you note the CVE number that got assigned to this flaw?

Misc/NEWS.d/next/Library/2020-07-12-22-16-58.bpo-39017.x3Cg-9.rst

Lib/test/test_tarfile.py

bcaller · 2020-07-14T10:19:15Z

Lib/test/test_tarfile.py

+    def test_length_zero_header(self):
+        with self.assertRaisesRegex(tarfile.ReadError, "file could not be opened successfully"):
+            with tarfile.open(support.findfile('recursion.tar')) as tar:
+                tar.getmembers()


I think this tar.getmembers() can be replaced with pass since it should never be called. Or you can call tarfile.is_tarfile instead of with tarfile.open.... Feel free to ignore this comment.

Thank you for the comment, I replaced the tar.getmembers() with pass as you suggested

Add relevant CVE number in inline comments Co-authored-by: Petr Viktorin <encukou@gmail.com>

Replace code that is never called with pass in tarfile testcase

miss-islington · 2020-07-15T11:51:04Z

Thanks @rishi93 for the PR, and @encukou for merging it 🌮🎉.. I'm working now to backport this PR to: 3.6, 3.7, 3.8, 3.9.
🐍🍒⛏🤖

encukou · 2020-07-15T11:51:07Z

Thank you!

Avoid infinite loop when reading specially crafted TAR files using the tarfile module (CVE-2019-20907). (cherry picked from commit 5a8d121) Co-authored-by: Rishi <rishi_devan@mail.com>

bedevere-bot · 2020-07-15T11:51:27Z

GH-21482 is a backport of this pull request to the 3.9 branch.

Avoid infinite loop when reading specially crafted TAR files using the tarfile module (CVE-2019-20907). (cherry picked from commit 5a8d121) Co-authored-by: Rishi <rishi_devan@mail.com>

bedevere-bot · 2020-07-15T11:51:34Z

GH-21483 is a backport of this pull request to the 3.8 branch.

bedevere-bot · 2020-07-15T11:51:43Z

GH-21484 is a backport of this pull request to the 3.7 branch.

bedevere-bot · 2020-07-15T11:51:50Z

GH-21485 is a backport of this pull request to the 3.6 branch.

Avoid infinite loop when reading specially crafted TAR files using the tarfile module (CVE-2019-20907). (cherry picked from commit 5a8d121) Co-authored-by: Rishi <rishi_devan@mail.com>

rishi93 · 2020-07-15T12:24:41Z

Thank you everyone, for this opportunity

@encukou

…GH-21482) Avoid infinite loop when reading specially crafted TAR files using the tarfile module (CVE-2019-20907). (cherry picked from commit 5a8d121) Co-authored-by: Rishi <rishi_devan@mail.com> Automerge-Triggered-By: @encukou

@encukou

…GH-21483) Avoid infinite loop when reading specially crafted TAR files using the tarfile module (CVE-2019-20907). (cherry picked from commit 5a8d121) Co-authored-by: Rishi <rishi_devan@mail.com> Automerge-Triggered-By: @encukou

…1484) Avoid infinite loop when reading specially crafted TAR files using the tarfile module (CVE-2019-20907). (cherry picked from commit 5a8d121) Co-authored-by: Rishi <rishi_devan@mail.com>

Avoid infinite loop when reading specially crafted TAR files using the tarfile module (CVE-2019-20907). (cherry picked from commit 5a8d121) Co-authored-by: Rishi <rishi_devan@mail.com>

…#21489) Avoid infinite loop when reading specially crafted TAR files using the tarfile module (CVE-2019-20907). (cherry picked from commit 5a8d121) Co-authored-by: Rishi <rishi_devan@mail.com>

Avoid infinite loop when reading specially crafted TAR files using the tarfile module (CVE-2019-20907).

bpo-39017 Fix infinite loop in the tarfile module

1fa6ef2

Add a check for length = 0 in the _proc_pax function to avoid running into an infinite loop

rishi93 requested a review from ethanfurman as a code owner July 12, 2020 22:04

the-knights-who-say-ni added the CLA signed label Jul 12, 2020

bedevere-bot added the awaiting review label Jul 12, 2020

📜🤖 Added by blurb_it.

c43a5af

encukou added needs backport to 3.6 labels Jul 14, 2020

encukou reviewed Jul 14, 2020

View reviewed changes

Misc/NEWS.d/next/Library/2020-07-12-22-16-58.bpo-39017.x3Cg-9.rst Outdated Show resolved Hide resolved

Lib/test/test_tarfile.py Show resolved Hide resolved

bcaller reviewed Jul 14, 2020

View reviewed changes

rishi93 and others added 2 commits July 14, 2020 12:39

Apply suggestions from code review

5f7b945

Add relevant CVE number in inline comments Co-authored-by: Petr Viktorin <encukou@gmail.com>

bpo-39017: Fix infinite loop in the tarfile module

54084a8

Replace code that is never called with pass in tarfile testcase

encukou merged commit 5a8d121 into python:master Jul 15, 2020

bedevere-bot removed the awaiting review label Jul 15, 2020

bedevere-bot removed the needs backport to 3.9 label Jul 15, 2020

bedevere-bot removed needs backport to 3.8 labels Jul 15, 2020

bedevere-bot removed the needs backport to 3.6 label Jul 15, 2020

rishi93 deleted the fix-issue-39017 branch July 15, 2020 12:59

mweinelt mentioned this pull request Jul 28, 2020

Vulnerability roundup 90: python-2.7.18: 1 advisory [7.5] NixOS/nixpkgs#94004

Closed

1 task

shihai1991 pushed a commit to shihai1991/cpython that referenced this pull request Aug 4, 2020

bpo-39017: Avoid infinite loop in the tarfile module (pythonGH-21454)

3c3411b

Avoid infinite loop when reading specially crafted TAR files using the tarfile module (CVE-2019-20907).

shihai1991 pushed a commit to shihai1991/cpython that referenced this pull request Aug 20, 2020

bpo-39017: Avoid infinite loop in the tarfile module (pythonGH-21454)

ad7df48

Avoid infinite loop when reading specially crafted TAR files using the tarfile module (CVE-2019-20907).

xzy3 pushed a commit to xzy3/cpython that referenced this pull request Oct 18, 2020

bpo-39017: Avoid infinite loop in the tarfile module (pythonGH-21454)

f5481db

Avoid infinite loop when reading specially crafted TAR files using the tarfile module (CVE-2019-20907).

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

bpo-39017 Fix infinite loop in the tarfile module#21454