diff options
author | Joe Tsai <joetsai@digital-static.net> | 2015-09-22 02:14:28 -0700 |
---|---|---|
committer | Brad Fitzpatrick <bradfitz@golang.org> | 2015-09-23 08:29:13 +0000 |
commit | b0a1f6462f34c9907ea35813b7ffa0f600646e80 (patch) | |
tree | a2ad7118b4e7f6ac2e45ee1cdd9973c67c978544 /src/compress/gzip/gunzip.go | |
parent | 9deb940d2481396944f090dd9f205f2d5b3d94ee (diff) | |
download | go-b0a1f6462f34c9907ea35813b7ffa0f600646e80.tar.gz go-b0a1f6462f34c9907ea35813b7ffa0f600646e80.zip |
compress/gzip: detect truncated streams
Reader fails to detect truncated streams since calls to io.ReadFull
do not check if the error is io.EOF.
Change-Id: I052cd03161e43fec17e3d328106c40e17923e52b
Reviewed-on: https://go-review.googlesource.com/14832
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Diffstat (limited to 'src/compress/gzip/gunzip.go')
-rw-r--r-- | src/compress/gzip/gunzip.go | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/src/compress/gzip/gunzip.go b/src/compress/gzip/gunzip.go index dc276535d3..91473bf598 100644 --- a/src/compress/gzip/gunzip.go +++ b/src/compress/gzip/gunzip.go @@ -167,6 +167,9 @@ func (z *Reader) readString() (string, error) { func (z *Reader) read2() (uint32, error) { _, err := io.ReadFull(z.r, z.buf[0:2]) if err != nil { + if err == io.EOF { + err = io.ErrUnexpectedEOF + } return 0, err } return uint32(z.buf[0]) | uint32(z.buf[1])<<8, nil @@ -175,6 +178,13 @@ func (z *Reader) read2() (uint32, error) { func (z *Reader) readHeader(save bool) error { _, err := io.ReadFull(z.r, z.buf[0:10]) if err != nil { + // RFC1952 section 2.2 says the following: + // A gzip file consists of a series of "members" (compressed data sets). + // + // Other than this, the specification does not clarify whether a + // "series" is defined as "one or more" or "zero or more". To err on the + // side of caution, Go interprets this to mean "zero or more". + // Thus, it is okay to return io.EOF here. return err } if z.buf[0] != gzipID1 || z.buf[1] != gzipID2 || z.buf[2] != gzipDeflate { @@ -196,6 +206,9 @@ func (z *Reader) readHeader(save bool) error { } data := make([]byte, n) if _, err = io.ReadFull(z.r, data); err != nil { + if err == io.EOF { + err = io.ErrUnexpectedEOF + } return err } if save { @@ -260,6 +273,9 @@ func (z *Reader) Read(p []byte) (n int, err error) { // Finished file; check checksum + size. if _, err := io.ReadFull(z.r, z.buf[0:8]); err != nil { + if err == io.EOF { + err = io.ErrUnexpectedEOF + } z.err = err return 0, err } |