[Python-checkins] gh-107811: tarfile: treat overflow in UID/GID as failure to set it (#108369)

encukou webhook-mailer at python.org
Wed Aug 23 14:00:13 EDT 2023


https://github.com/python/cpython/commit/5d1871576500adc4ebaa7f59b8559605a57ad36b
commit: 5d1871576500adc4ebaa7f59b8559605a57ad36b
branch: main
author: Petr Viktorin <encukou at gmail.com>
committer: encukou <encukou at gmail.com>
date: 2023-08-23T20:00:07+02:00
summary:

gh-107811: tarfile: treat overflow in UID/GID as failure to set it (#108369)

files:
A Misc/NEWS.d/next/Library/2023-08-23-17-34-39.gh-issue-107811.3Fng72.rst
M Lib/tarfile.py

diff --git a/Lib/tarfile.py b/Lib/tarfile.py
index a835d00c90c92..726f9f50ba2e7 100755
--- a/Lib/tarfile.py
+++ b/Lib/tarfile.py
@@ -2557,7 +2557,8 @@ def chown(self, tarinfo, targetpath, numeric_owner):
                     os.lchown(targetpath, u, g)
                 else:
                     os.chown(targetpath, u, g)
-            except OSError as e:
+            except (OSError, OverflowError) as e:
+                # OverflowError can be raised if an ID doesn't fit in `id_t`
                 raise ExtractError("could not change owner") from e
 
     def chmod(self, tarinfo, targetpath):
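Review bot: The widened `except (OSError, OverflowError) as e:` clause in `chown` comes without a test; the file list for this commit touches only `Lib/tarfile.py` and the NEWS entry. A regression test that extracts a member whose UID or GID does not fit in `id_t` and checks that the result is `ExtractError("could not change owner")` rather than an uncaught `OverflowError` would keep this from regressing. The new comment could also say which call raises the `OverflowError` (the `os.lchown`/`os.chown` calls above it), since the `try` body begins outside the visible context.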
diff --git a/Misc/NEWS.d/next/Library/2023-08-23-17-34-39.gh-issue-107811.3Fng72.rst b/Misc/NEWS.d/next/Library/2023-08-23-17-34-39.gh-issue-107811.3Fng72.rst
new file mode 100644
index 0000000000000..ffca4131db228
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2023-08-23-17-34-39.gh-issue-107811.3Fng72.rst
@@ -0,0 +1,3 @@
+:mod:`tarfile`: extraction of members with overly large UID or GID (e.g. on
+an OS with 32-bit :c:type:`!id_t`) now fails in the same way as failing to
+set the ID.
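Review bot: The NEWS text "now fails in the same way as failing to set the ID" names neither the old nor the new behaviour, so a reader hitting the problem has nothing to search for. Going by the `tarfile.py` hunk, the `OverflowError` is now converted into `ExtractError("could not change owner")`; naming both exceptions in the entry would make the change easier to match against a traceback.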


