From 3afaea1abbb05654a459da2ef956a6e624b85609 Mon Sep 17 00:00:00 2001 From: Petr Viktorin Date: Wed, 23 Aug 2023 17:50:48 +0200 Subject: [PATCH] gh-107811: tarfile: treat overflow in UID/GID as failure to set it --- Lib/tarfile.py | 3 ++- .../Library/2023-08-23-17-34-39.gh-issue-107811.3Fng72.rst | 3 +++ 2 files changed, 5 insertions(+), 1 deletion(-) create mode 100644 Misc/NEWS.d/next/Library/2023-08-23-17-34-39.gh-issue-107811.3Fng72.rst diff --git a/Lib/tarfile.py b/Lib/tarfile.py index a835d00c90c92c..726f9f50ba2e72 100755 --- a/Lib/tarfile.py +++ b/Lib/tarfile.py @@ -2557,7 +2557,8 @@ def chown(self, tarinfo, targetpath, numeric_owner): os.lchown(targetpath, u, g) else: os.chown(targetpath, u, g) - except OSError as e: + except (OSError, OverflowError) as e: + # OverflowError can be raised if an ID doesn't fit in `id_t` raise ExtractError("could not change owner") from e def chmod(self, tarinfo, targetpath): diff --git a/Misc/NEWS.d/next/Library/2023-08-23-17-34-39.gh-issue-107811.3Fng72.rst b/Misc/NEWS.d/next/Library/2023-08-23-17-34-39.gh-issue-107811.3Fng72.rst new file mode 100644 index 00000000000000..ffca4131db228b --- /dev/null +++ b/Misc/NEWS.d/next/Library/2023-08-23-17-34-39.gh-issue-107811.3Fng72.rst @@ -0,0 +1,3 @@ +:mod:`tarfile`: extraction of members with overly large UID or GID (e.g. on +an OS with 32-bit :c:type:`!id_t`) now fails in the same way as failing to +set the ID.