[Bug-tar] [PATCH 0/2] tar: checksum collision

[Alexander Kolesen]

Hello,

I've bumped into strange tar behavior - it's unable to decompress a previously 
compressed archive:

 % file test.tar.gz
test.tar.gz: gzip compressed data, from Unix, last modified: Fri Dec 21 
13:00:50 2012
 % tar -xf test.tar.gz -C out && echo "Success"
tar: This does not look like a tar archive
tar: Exiting with failure status due to previous errors
 % tar -xf test.tar.gz && echo "Success"
Success

Here's the content of the file. In contains nothing but an empty directory:
 % cat test.tar.gz | base64
H4sIAFIz1FAAA+3PMQqDQBCF4TnK3sAZddzjiAERCaywccn1NUUghWgjqf6vecW84s2cl/Re8nPM
/WsdpjlNldxNdzH6Jy26/uaXWK2da2Nem6i1rXUS/PYlB8r+dg5ByqOktZz0Lu4AAAAAAAAAAAAA
AAAAAPzRBndnEVwAKAAA

I've made a quick research and found out that src/list.c:tar_checksum function
wrongly interprets this file as a plain tar archive instead of gzipped tar due
checksum collision (signed_sum == recorded_sum == 0):

(gdb) run -xvf ../iw.tgz.bak
Starting program: /home/m0use/work/tar-bug/tar/src/tar -xvf ../iw.tgz.bak
warning: Could not load shared library symbols for linux-vdso.so.1.
Do you need "set solib-search-path" or "set sysroot"?

Breakpoint 1, tar_checksum (header=<optimized out>, address@hidden) at 
list.c:350
350       if (unsigned_sum != recorded_sum && signed_sum != recorded_sum)
(gdb) p signed_sum
$1 = 0
(gdb) p recorded_sum
$2 = 0

So, tar_checksum function returns HEADER_SUCCESS in case of gzipped tar file, 
what's wrong.
Here's a couple of patches which fixes the case from my perspective.
Please, review when you have a chance.
Thanks!


Alexander Kolesen (2):
  check_compressed_archive: check for compressed signatures first prior
    to checking tar checksum
  init_buffer: zero-fill allocated memory to prevent examing a junk

 src/buffer.c | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

-- 
1.8.5.2