From b5cf56bc7f734ed8bfad4119fb817261e541a609 Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.de>
Date: Wed, 8 Nov 2017 02:50:52 +1100
Subject: [PATCH] vendor: update to github.com/vbatts/tar-split@v0.10.2
Update to the latest version of tar-split, which includes a change to
fix a memory exhaustion issue where a malformed image could cause the
Docker daemon to crash.
* tar: asm: store padding in chunks to avoid memory exhaustion
Fixes: CVE-2017-14992
SUSE-Bug: https://bugzilla.suse.com/show_bug.cgi?id=1066210
Signed-off-by: Aleksa Sarai <asarai@suse.de>
---
vendor.conf | 2 +-
vendor/github.com/vbatts/tar-split/README.md | 3 +-
.../vbatts/tar-split/tar/asm/disassemble.go | 43 ++++++++++++++--------
3 files changed, 31 insertions(+), 17 deletions(-)
diff --git a/vendor.conf b/vendor.conf
index 535adad38728..ea4f75bbea10 100644
--- a/vendor.conf
+++ b/vendor.conf
@@ -53,7 +53,7 @@ github.com/miekg/dns 75e6e86cc601825c5dbcd4e0c209eab180997cd7
# get graph and distribution packages
github.com/docker/distribution b38e5838b7b2f2ad48e06ec4b500011976080621
-github.com/vbatts/tar-split v0.10.1
+github.com/vbatts/tar-split v0.10.2
github.com/opencontainers/go-digest a6d0ee40d4207ea02364bd3b9e8e77b9159ba1eb
# get go-zfs packages
diff --git a/vendor/github.com/vbatts/tar-split/README.md b/vendor/github.com/vbatts/tar-split/README.md
index 4c544d823fbc..03e3ec4308b7 100644
--- a/vendor/github.com/vbatts/tar-split/README.md
+++ b/vendor/github.com/vbatts/tar-split/README.md
@@ -1,6 +1,7 @@
# tar-split
[](https://travis-ci.org/vbatts/tar-split)
+[](https://goreportcard.com/report/github.com/vbatts/tar-split)
Pristinely disassembling a tar archive, and stashing needed raw bytes and offsets to reassemble a validating original archive.
@@ -50,7 +51,7 @@ For example stored sparse files that have "holes" in them, will be read as a
contiguous file, though the archive contents may be recorded in sparse format.
Therefore when adding the file payload to a reassembled tar, to achieve
identical output, the file payload would need be precisely re-sparsified. This
-is not something I seek to fix imediately, but would rather have an alert that
+is not something I seek to fix immediately, but would rather have an alert that
precise reassembly is not possible.
(see more http://www.gnu.org/software/tar/manual/html_node/Sparse-Formats.html)
diff --git a/vendor/github.com/vbatts/tar-split/tar/asm/disassemble.go b/vendor/github.com/vbatts/tar-split/tar/asm/disassemble.go
index 54ef23aed366..009b3f5d8124 100644
--- a/vendor/github.com/vbatts/tar-split/tar/asm/disassemble.go
+++ b/vendor/github.com/vbatts/tar-split/tar/asm/disassemble.go
@@ -2,7 +2,6 @@ package asm
import (
"io"
- "io/ioutil"
"github.com/vbatts/tar-split/archive/tar"
"github.com/vbatts/tar-split/tar/storage"
@@ -119,20 +118,34 @@ func NewInputTarStream(r io.Reader, p storage.Packer, fp storage.FilePutter) (io
}
}
- // it is allowable, and not uncommon that there is further padding on the
- // end of an archive, apart from the expected 1024 null bytes.
- remainder, err := ioutil.ReadAll(outputRdr)
- if err != nil && err != io.EOF {
- pW.CloseWithError(err)
- return
- }
- _, err = p.AddEntry(storage.Entry{
- Type: storage.SegmentType,
- Payload: remainder,
- })
- if err != nil {
- pW.CloseWithError(err)
- return
+ // It is allowable, and not uncommon that there is further padding on
+ // the end of an archive, apart from the expected 1024 null bytes. We
+ // do this in chunks rather than in one go to avoid cases where a
+ // maliciously crafted tar file tries to trick us into reading many GBs
+ // into memory.
+ const paddingChunkSize = 1024 * 1024
+ var paddingChunk [paddingChunkSize]byte
+ for {
+ var isEOF bool
+ n, err := outputRdr.Read(paddingChunk[:])
+ if err != nil {
+ if err != io.EOF {
+ pW.CloseWithError(err)
+ return
+ }
+ isEOF = true
+ }
+ _, err = p.AddEntry(storage.Entry{
+ Type: storage.SegmentType,
+ Payload: paddingChunk[:n],
+ })
+ if err != nil {
+ pW.CloseWithError(err)
+ return
+ }
+ if isEOF {
+ break
+ }
}
pW.Close()
}()
--
2.14.3