gh-107811: tarfile: treat overflow in UID/GID as failure to set it (#108369)

author Petr Viktorin <encukou@gmail.com>

Wed, 23 Aug 2023 18:00:07 +0000 (20:00 +0200)

committer GitHub <noreply@github.com>

Wed, 23 Aug 2023 18:00:07 +0000 (20:00 +0200)
author Petr Viktorin <encukou@gmail.com>
Wed, 23 Aug 2023 18:00:07 +0000 (20:00 +0200)
committer GitHub <noreply@github.com>
Wed, 23 Aug 2023 18:00:07 +0000 (20:00 +0200)
diff --git a/Lib/tarfile.py b/Lib/tarfile.py

index a835d00c90c92c7cf70c17f387c8b334213037e2..726f9f50ba2e726e5addb203f57a45bd42d38bba 100755 (executable)
--- a/Lib/tarfile.py
+++ b/Lib/tarfile.py
@@ -2557,7 +2557,8 @@ class TarFile(object):
                      os.lchown(targetpath, u, g)
                  else:
                      os.chown(targetpath, u, g)
-            except OSError as e:
+            except (OSError, OverflowError) as e:
+                # OverflowError can be raised if an ID doesn't fit in `id_t`
                  raise ExtractError("could not change owner") from e
  
      def chmod(self, tarinfo, targetpath):
diff --git a/Misc/NEWS.d/next/Library/2023-08-23-17-34-39.gh-issue-107811.3Fng72.rst b/Misc/NEWS.d/next/Library/2023-08-23-17-34-39.gh-issue-107811.3Fng72.rst

new file mode 100644 (file)

index 0000000..ffca413
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2023-08-23-17-34-39.gh-issue-107811.3Fng72.rst
@@ -0,0 +1,3 @@
+:mod:`tarfile`: extraction of members with overly large UID or GID (e.g. on
+an OS with 32-bit :c:type:`!id_t`) now fails in the same way as failing to
+set the ID.
author	Petr Viktorin <encukou@gmail.com>
	Wed, 23 Aug 2023 18:00:07 +0000 (20:00 +0200)
committer	GitHub <noreply@github.com>
	Wed, 23 Aug 2023 18:00:07 +0000 (20:00 +0200)
Lib/tarfile.py		patch \| blob \| blame \| history
Misc/NEWS.d/next/Library/2023-08-23-17-34-39.gh-issue-107811.3Fng72.rst	[new file with mode: 0644]	patch \| blob