Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Remove backtracking from parsing tarfile members and headers #121285

New issue
Copy link
New issue
Copy link
Closed
Closed
Remove backtracking from parsing tarfile members and headers#121285
Copy link
Assignees
gpsheadsethmlarson
Labels
3.10only security fixesonly security fixes3.11only security fixesonly security fixes3.13bugs and security fixesbugs and security fixes3.8 (EOL)end of lifeend of life3.9only security fixesonly security fixesstdlibPython modules in the Lib dirPython modules in the Lib dirtype-securityA security issueA security issue
@sethmlarson

Description

@sethmlarson
sethmlarson
opened on Jul 2, 2024
Issue body actions

Bug description:

Today the tarfile module parsing of header values allows for backtracking when parsing header values. Headers have a well-known format that doesn't require backtracking to parse reliably, the new method of parsing will only require a single pass over a byte stream.

CPython versions tested on:

CPython main branch

Operating systems tested on:

No response

Linked PRs

Metadata

Metadata

Assignees

Labels

3.10only security fixesonly security fixes3.11only security fixesonly security fixes3.13bugs and security fixesbugs and security fixes3.8 (EOL)end of lifeend of life3.9only security fixesonly security fixesstdlibPython modules in the Lib dirPython modules in the Lib dirtype-securityA security issueA security issue

Projects

Tarfile issues

Status

Done
Show more project fields

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions
    Morty Proxy This is a proxified and sanitized view of the page, visit original site.