[commons-compress] branch master updated: COMPRESS-569 don't move backwards while scanning the archive

[bodewig]

This is an automated email from the ASF dual-hosted git repository.

bodewig pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-compress.git


The following commit(s) were added to refs/heads/master by this push:
     new 8543b03  COMPRESS-569 don't move backwards while scanning the archive
8543b03 is described below

commit 8543b030e93fa71b6093ac7d4cdb8c4e98bfd63d
Author: Stefan Bodewig <bode...@apache.org>
AuthorDate: Sat Mar 6 19:04:33 2021 +0100

    COMPRESS-569 don't move backwards while scanning the archive
---
 .../commons/compress/archivers/tar/TarFile.java       | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)

diff --git 
a/src/main/java/org/apache/commons/compress/archivers/tar/TarFile.java 
b/src/main/java/org/apache/commons/compress/archivers/tar/TarFile.java
index 8e39d0f..a5e8b06 100644
--- a/src/main/java/org/apache/commons/compress/archivers/tar/TarFile.java
+++ b/src/main/java/org/apache/commons/compress/archivers/tar/TarFile.java
@@ -233,9 +233,8 @@ public class TarFile implements Closeable {
 
         if (currEntry != null) {
             // Skip to the end of the entry
-            archive.position(currEntry.getDataOffset() + currEntry.getSize());
+            repositionForwardTo(currEntry.getDataOffset() + 
currEntry.getSize());
             throwExceptionIfPositionIsNotInArchive();
-
             skipRecordPadding();
         }
 
@@ -513,11 +512,23 @@ public class TarFile implements Closeable {
         if (!isDirectory() && currEntry.getSize() > 0 && currEntry.getSize() % 
recordSize != 0) {
             final long numRecords = (currEntry.getSize() / recordSize) + 1;
             final long padding = (numRecords * recordSize) - 
currEntry.getSize();
-            archive.position(archive.position() + padding);
+            repositionForwardBy(padding);
             throwExceptionIfPositionIsNotInArchive();
         }
     }
 
+    private void repositionForwardTo(final long newPosition) throws 
IOException {
+        final long currPosition = archive.position();
+        if (newPosition < currPosition) {
+            throw new IOException("trying to move backwards inside of the 
archive");
+        }
+        archive.position(newPosition);
+    }
+
+    private void repositionForwardBy(final long offset) throws IOException {
+        repositionForwardTo(archive.position() + offset);
+    }
+
     /**
      * Checks if the current position of the SeekableByteChannel is in the 
archive.
      * @throws IOException If the position is not in the archive
@@ -586,7 +597,7 @@ public class TarFile implements Closeable {
     private void consumeRemainderOfLastBlock() throws IOException {
         final long bytesReadOfLastBlock = archive.position() % blockSize;
         if (bytesReadOfLastBlock > 0) {
-            archive.position(archive.position() + blockSize - 
bytesReadOfLastBlock);
+            repositionForwardBy(blockSize - bytesReadOfLastBlock);
         }
     }