# Process this file with autom4te to create testsuite. -*- Autotest -*- # Test suite for GNU tar. # Copyright 2018 Free Software Foundation, Inc. # This file is part of GNU tar. # GNU tar is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 3 of the License, or # (at your option) any later version. # GNU tar is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # You should have received a copy of the GNU General Public License # along with this program. If not, see . # Tar up to 1.30 would loop endlessly if a sparse file had been truncated # while being archived (with --sparse flag). # # The bug has been assigned id CVE-2018-20482 (on the grounds that it is a # denial of service possibility). # # Reported by: Chris Siebenmann # References: <20181226223948.781EB32008E@apps1.cs.toronto.edu>, # # # AT_SETUP([sparse file truncated while archiving]) AT_KEYWORDS([truncate filechange sparse sptr sptrcreat]) AT_TAR_CHECK([ genfile --sparse --block-size=1024 --file foo \ 0 ABCDEFGHIJ 1M ABCDEFGHIJ 10M ABCDEFGHIJ 200M ABCDEFGHIJ genfile --file baz genfile --run --checkpoint 3 --length 200m --truncate foo -- \ tar --checkpoint=1 \ --checkpoint-action=echo \ --checkpoint-action=sleep=1 \ --sparse -vcf bar foo baz echo Exit status: $? echo separator genfile --file foo --seek 200m --length 11575296 --pattern=zeros tar dvf bar], [1], [foo baz Exit status: 1 separator foo foo: Mod time differs baz ], [tar: foo: File shrank by 11575296 bytes; padding with zeros ], [],[],[posix, gnu, oldgnu]) AT_CLEANUP