Programs that want to operate on archives containing insecure file names may
ignore this error.
</p>
+ <p>
+ Insecure tar file name checks may be entirely disabled by setting the
+ <code>GODEBUG=tarinsecurepath=1</code> environment variable.
+ </p>
</dd>
</dl><!-- archive/tar -->
Programs that want to operate on archives containing insecure file names may
ignore this error.
</p>
+ <p>
+ Insecure zip file name checks may be entirely disabled by setting the
+ <code>GODEBUG=zipinsecurepath=1</code> environment variable.
+ </p>
<p><!-- CL 449955 -->
Reading from a directory file that contains file data will now return an error.
The zip specification does not permit directory files to contain file data,
import (
"errors"
"fmt"
+ "internal/godebug"
"io/fs"
"math"
"path"
// architectures. If a large value is encountered when decoding, the result
// stored in Header will be the truncated version.
+var tarinsecurepath = godebug.New("tarinsecurepath")
+
var (
ErrHeader = errors.New("archive/tar: invalid tar header")
ErrWriteTooLong = errors.New("archive/tar: write too long")
}
hdr, err := tr.next()
tr.err = err
- if err == nil && !filepath.IsLocal(hdr.Name) {
+ if err == nil && tarinsecurepath.Value() != "1" && !filepath.IsLocal(hdr.Name) {
err = ErrInsecurePath
}
return hdr, err
}
func TestInsecurePaths(t *testing.T) {
+ t.Setenv("GODEBUG", "tarinsecurepath=0")
for _, path := range []string{
"../foo",
"/foo",
}
}
}
+
+func TestDisableInsecurePathCheck(t *testing.T) {
+ t.Setenv("GODEBUG", "tarinsecurepath=1")
+ var buf bytes.Buffer
+ tw := NewWriter(&buf)
+ const name = "/foo"
+ tw.WriteHeader(&Header{
+ Name: name,
+ })
+ tw.Close()
+ tr := NewReader(&buf)
+ h, err := tr.Next()
+ if err != nil {
+ t.Fatalf("tr.Next with tarinsecurepath=1: got err %v, want nil", err)
+ }
+ if h.Name != name {
+ t.Fatalf("tr.Next with tarinsecurepath=1: got name %q, want %q", h.Name, name)
+ }
+}
"errors"
"hash"
"hash/crc32"
+ "internal/godebug"
"io"
"io/fs"
"os"
"time"
)
+var zipinsecurepath = godebug.New("zipinsecurepath")
+
var (
ErrFormat = errors.New("zip: not a valid zip file")
ErrAlgorithm = errors.New("zip: unsupported compression algorithm")
// Zip permits an empty file name field.
continue
}
+ if zipinsecurepath.Value() == "1" {
+ continue
+ }
// The zip specification states that names must use forward slashes,
// so consider any backslashes in the name insecure.
if !filepath.IsLocal(f.Name) || strings.Contains(f.Name, `\`) {
}
func TestCVE202127919(t *testing.T) {
+ t.Setenv("GODEBUG", "zipinsecurepath=0")
// Archive containing only the file "../test.txt"
data := []byte{
0x50, 0x4b, 0x03, 0x04, 0x14, 0x00, 0x08, 0x00,
}
func TestCVE202141772(t *testing.T) {
+ t.Setenv("GODEBUG", "zipinsecurepath=0")
// Archive contains a file whose name is exclusively made up of '/', '\'
// characters, or "../", "..\" paths, which would previously cause a panic.
//
}
func TestInsecurePaths(t *testing.T) {
+ t.Setenv("GODEBUG", "zipinsecurepath=0")
for _, path := range []string{
"../foo",
"/foo",
}
}
}
+
+func TestDisableInsecurePathCheck(t *testing.T) {
+ t.Setenv("GODEBUG", "zipinsecurepath=1")
+ var buf bytes.Buffer
+ zw := NewWriter(&buf)
+ const name = "/foo"
+ _, err := zw.Create(name)
+ if err != nil {
+ t.Fatalf("zw.Create(%q) = %v", name, err)
+ }
+ zw.Close()
+ zr, err := NewReader(bytes.NewReader(buf.Bytes()), int64(buf.Len()))
+ if err != nil {
+ t.Fatalf("NewReader with zipinsecurepath=1: got err %v, want nil", err)
+ }
+ var gotPaths []string
+ for _, f := range zr.File {
+ gotPaths = append(gotPaths, f.Name)
+ }
+ if want := []string{name}; !reflect.DeepEqual(gotPaths, want) {
+ t.Errorf("NewReader with zipinsecurepath=1: got files %q, want %q", gotPaths, want)
+ }
+}