Issue #24259: tarfile now raises a ReadError if an archive is truncated inside a...

diff --git a/Lib/tarfile.py b/Lib/tarfile.py
index d7c1500bc572deba5d15cb74b6024b0883367a3c..66e5393afe5452c7cb298622e1922e06c6fd3c78 100644 (file)
--- a/Lib/tarfile.py
+++ b/Lib/tarfile.py
@@ -744,12 +744,18 @@ class _FileInFile(object):
         else:
             return self.readsparse(size)
 
+    def __read(self, size):
+        buf = self.fileobj.read(size)
+        if len(buf) != size:
+            raise ReadError("unexpected end of data")
+        return buf
+
     def readnormal(self, size):
         """Read operation for regular files.
         """
         self.fileobj.seek(self.offset + self.position)
         self.position += size
-        return self.fileobj.read(size)
+        return self.__read(size)
 
     def readsparse(self, size):
         """Read operation for sparse files.
@@ -777,7 +783,7 @@ class _FileInFile(object):
             realpos = section.realpos + self.position - section.offset
             self.fileobj.seek(self.offset + realpos)
             self.position += size
-            return self.fileobj.read(size)
+            return self.__read(size)
         else:
             self.position += size
             return NUL * size
@@ -2336,8 +2342,13 @@ class TarFile(object):
             self.firstmember = None
             return m
 
+        # Advance the file pointer.
+        if self.offset != self.fileobj.tell():
+            self.fileobj.seek(self.offset - 1)
+            if not self.fileobj.read(1):
+                raise ReadError("unexpected end of data")
+
         # Read the next block.
-        self.fileobj.seek(self.offset)
         tarinfo = None
         while True:
             try:

diff --git a/Lib/test/test_tarfile.py b/Lib/test/test_tarfile.py
index a92d371c71733156ea82fbecb9cc4085f683ead2..a72c37bf9e15b39355695b1101fd767e95e78772 100644 (file)
--- a/Lib/test/test_tarfile.py
+++ b/Lib/test/test_tarfile.py
@@ -285,6 +285,30 @@ class CommonReadTest(ReadTest):
                     "ignore_zeros=True should have skipped the %r-blocks" % char)
             tar.close()
 
+    def test_premature_end_of_archive(self):
+        for size in (512, 600, 1024, 1200):
+            with tarfile.open(tmpname, "w:") as tar:
+                t = tarfile.TarInfo("foo")
+                t.size = 1024
+                tar.addfile(t, StringIO.StringIO("a" * 1024))
+
+            with open(tmpname, "r+b") as fobj:
+                fobj.truncate(size)
+
+            with tarfile.open(tmpname) as tar:
+                with self.assertRaisesRegexp(tarfile.ReadError, "unexpected end of data"):
+                    for t in tar:
+                        pass
+
+            with tarfile.open(tmpname) as tar:
+                t = tar.next()
+
+                with self.assertRaisesRegexp(tarfile.ReadError, "unexpected end of data"):
+                    tar.extract(t, TEMPDIR)
+
+                with self.assertRaisesRegexp(tarfile.ReadError, "unexpected end of data"):
+                    tar.extractfile(t).read()
+
 
 class MiscReadTest(CommonReadTest):
     taropen = tarfile.TarFile.taropen

diff --git a/Misc/NEWS b/Misc/NEWS
index 3f98a157d9536b16b24a9bc125c68d64e3bce1be..0b55665199b05c5664fbcd92d0cfe9a8fedebab7 100644 (file)
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -34,6 +34,9 @@ Core and Builtins
 Library
 -------
 
+- Issue #24259: tarfile now raises a ReadError if an archive is truncated
+  inside a data segment.
+
 - Issue #24514: tarfile now tolerates number fields consisting of only
   whitespace.