tarbomb detection: ignore pax entries

This patch was added to the tar code in cabal-install but never ported to the main lib. PAX header entries never get unpacked anyway.
haskell · May 3, 2016 · 6c0acf8 · 6c0acf8
1 parent 2095800
commit 6c0acf8
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/Codec/Archive/Tar/Check.hs b/Codec/Archive/Tar/Check.hs
@@ -120,6 +120,15 @@ checkTarbomb :: FilePath -> Entries e -> Entries (Either e TarBombError)
 checkTarbomb expectedTopDir = checkEntries (checkEntryTarbomb expectedTopDir)
 
 checkEntryTarbomb :: FilePath -> Entry -> Maybe TarBombError
+checkEntryTarbomb _ entry | nonFilesystemEntry = Nothing
+  where
+    -- Ignore some special entries we will not unpack anyway
+    nonFilesystemEntry =
+      case entryContent entry of
+        OtherEntryType 'g' _ _ -> True --PAX global header
+        OtherEntryType 'x' _ _ -> True --PAX individual header
+        _                      -> False
+
 checkEntryTarbomb expectedTopDir entry =
   case FilePath.Native.splitDirectories (entryPath entry) of
     (topDir:_) | topDir == expectedTopDir -> Nothing