gh-112887: Fix tarfile FilterError handling to skip member extraction #112954

Closed
wants to merge 3 commits into from

mattprodani
Contributor

@mattprodani mattprodani commented Dec 11, 2023

In the tarfile library, if a FilterError is raised for a member during TarFile.extract() or TarFile.extractall() with errorlevel set to 0, a debugging message is correctly logged but the unsafe member is still extracted. Based on the documentation and a look at the code, it seems that the desired expectation with errorlevel=0 is to not raise an exception, but skip member extraction and log the error.
Updates tarfile to properly handle FilterError and skip extraction on unsafe members even when an exception is not raised.

This issue was reported on Python 3.11 and should likely be backported as it is a security issue.

From the docs:

When a filter refuses to extract a file, it will raise an appropriate exception, a subclass of FilterError. This will abort the extraction if TarFile.errorlevel is 1 or more. With errorlevel=0 the error will be logged and the member will be skipped, but extraction will continue.

In the `tarfile` library, FilterError with error_level set to 0 correctly logged a debugging
message but did not properly skip extraction of a member. Updates filter
functions to return None when a FilterError is seen, as stated in docs.
@mattprodani mattprodani changed the title gh-112887: Fix tarfile FilterError handling to skip member extraction gh-112887: [WIP] Fix tarfile FilterError handling to skip member extraction Dec 11, 2023
@mattprodani mattprodani changed the title gh-112887: [WIP] Fix tarfile FilterError handling to skip member extraction gh-112887: Fix tarfile FilterError handling to skip member extraction Dec 12, 2023
@mattprodani mattprodani marked this pull request as ready for review December 12, 2023 20:37
@encukou
Member

encukou commented Jun 4, 2025

Thank you for the fix. I included it, in a “Ship of Theseus” style, in #135037 which fixes a few other security issues as well.

I forgot to include you in the Git authorship metadata. I apologize for that. You're credited in What's New though: https://docs.python.org/3.14/whatsnew/3.14.html#tarfile

@encukou encukou closed this Jun 4, 2025