TAR-reading APIs verify header checksums when reading

The TarReader class now validates the checksum of TAR archive entries during the reading process. If an entry's checksum is invalid, TarReader throws an InvalidDataException. This change improves data integrity by ensuring that corrupted or tampered TAR files are detected and flagged during processing.

Version introduced

.NET 11 Preview 1

Previous behavior

Previously, when reading a TAR archive with an invalid checksum, TarReader ignored the checksum mismatch and continued processing the archive without throwing an exception.

Example code:

using System.Formats.Tar;
using System.IO;

using var stream = File.OpenRead("bad-cksum.tar");
using var reader = new TarReader(stream);

while (reader.GetNextEntry() is not null)
{
    // Process entries, even if the checksum is invalid.
}

If the TAR file bad-cksum.tar contained an entry with an invalid checksum, the code would process the entry without any indication of the issue.

New behavior

Starting in .NET 11, when reading a TAR archive with an invalid checksum, TarReader throws an InvalidDataException and stops processing the archive. The exception message indicates the checksum validation failure.

Type of breaking change

This change is a behavioral change.

Reason for change

This change was introduced to improve the reliability and security of the System.Formats.Tar library. By validating checksums, TarReader can detect and prevent the use of corrupted or tampered TAR files, ensuring that only valid data is processed. For more information, see dotnet/runtime#118577 and dotnet/runtime#117455.

If your application relies on TarReader to process TAR archives:

  • Update your code to handle the InvalidDataException that might be thrown when a checksum validation fails.
  • Ensure that the TAR files being processed are valid and have correct checksums. If you encounter checksum failures, verify the integrity of the source TAR files.
  • If you need to process TAR files with invalid checksums for specific scenarios, consider implementing custom error handling or preprocessing the files to correct the checksums.

Updated example:

using System;
using System.Formats.Tar;
using System.IO;

try
{
    using var stream = File.OpenRead("archive.tar");
    using var reader = new TarReader(stream);

    while (reader.GetNextEntry() is not null)
    {
        // Process entries.
    }
}
catch (InvalidDataException ex)
{
    Console.WriteLine($"Error reading TAR archive: {ex.Message}");
    // Handle invalid checksum scenario.
}
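The following self-contained program is an added example, not code from the original article or from the .NET runtime. It builds a one-entry archive in memory, flips a single header byte, recomputes the header checksum as the TAR format defines it, and then passes the damaged archive to TarReader. The helper names BuildArchive and HeaderChecksumIsValid and the entry name hello.txt are constructed for illustration.

```csharp
using System;
using System.Formats.Tar;
using System.IO;
using System.Text;

// Constructed sample: a one-entry archive built in memory, then one header byte flipped.
byte[] archive = BuildArchive();
Console.WriteLine($"intact header valid:  {HeaderChecksumIsValid(archive.AsSpan(0, 512))}");
archive[0] ^= 0x01; // damage the first byte of the entry name; the stored checksum is now stale
Console.WriteLine($"damaged header valid: {HeaderChecksumIsValid(archive.AsSpan(0, 512))}");

try
{
    using var reader = new TarReader(new MemoryStream(archive));
    while (reader.GetNextEntry() is TarEntry entry)
        Console.WriteLine($"read entry: {entry.Name}"); // reached only on runtimes before .NET 11
}
catch (InvalidDataException ex)
{
    Console.WriteLine($"rejected archive: {ex.Message}");
}

static byte[] BuildArchive()
{
    using var ms = new MemoryStream();
    using (var writer = new TarWriter(ms, TarEntryFormat.Ustar, leaveOpen: true))
    {
        var entry = new UstarTarEntry(TarEntryType.RegularFile, "hello.txt")
        {
            DataStream = new MemoryStream(Encoding.UTF8.GetBytes("hello"))
        };
        writer.WriteEntry(entry);
    }
    return ms.ToArray();
}

// The header checksum is the unsigned sum of all 512 header bytes, with the 8-byte
// checksum field (offset 148) counted as ASCII spaces. It is stored as octal text.
static bool HeaderChecksumIsValid(ReadOnlySpan<byte> header)
{
    int sum = 0;
    for (int i = 0; i < 512; i++)
        sum += (i >= 148 && i < 156) ? 0x20 : header[i];
    string stored = Encoding.ASCII.GetString(header.Slice(148, 8)).Trim('\0', ' ');
    return stored.Length > 0 && Convert.ToInt32(stored, 8) == sum;
}
```

The checksum is a plain byte sum over the 512-byte header only, so it catches accidental header damage but does not cover entry contents and is not a cryptographic integrity check. For archives from untrusted sources, verify a hash or signature over the whole file before reading it.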

Affected APIs