Merging internal commits for release/9.0 #128092
Merged
svick merged 16 commits into May 13, 2026
…edAttributes size in TarHeader

Adds check for the "size" attribute in the ExtendedAttributes section of a tar file to prevent an infinite loop with a negative size. Follows the same throw logic as TarHeader's size. The negative-sized tar file cannot be reproduced using .NET, hence the lack of tests.

----

#### AI description (iteration 1)

#### PR Classification
Bug fix to add validation for negative size values in TAR extended attributes.

#### PR Summary
Adds a safety check to prevent negative size values when reading TAR extended attributes from the PaxEaSize field, throwing an `InvalidDataException` if a negative size is encountered.

- `TarHeader.Read.cs`: Added validation to check if the extended attributes size is negative before assignment, throwing `InvalidDataException` with the `TarSizeFieldNegative` error message if true.
Fix Windows tar vulnerability that allows creating a symlink to a file (and only a file, not a directory) anywhere on the same drive where the tar is extracted.

----

#### AI description (iteration 1)

#### PR Classification
Bug fix to address incorrect symlink validation on Windows when extracting tar files with rooted paths.

#### PR Summary
Fixes symlink path validation in tar extraction on Windows by replacing `Path.IsPathFullyQualified` with `Path.IsPathRooted` and adding `Path.GetFullPath` calls to properly detect and reject symlinks pointing outside the destination directory.

- `TarEntry.cs`: Changed symlink validation logic from `Path.IsPathFullyQualified` to `Path.IsPathRooted` with `Path.GetFullPath` for both entry names and link targets to correctly identify rooted paths on Windows
- `TarFile.ExtractToDirectory.File.Tests.Windows.cs`: Added test case `ExtractToDirectory_RejectsSymlinkWithRootedTargetOutsideDestination` to verify symlinks with rooted targets outside the destination are properly rejected
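An added illustration of the check the commit above describes (hypothetical helper written for this page, not dotnet/runtime's `TarEntry` code): any rooted link target, including a drive-relative one such as `\dir\file` that `Path.IsPathFullyQualified` reports as not fully qualified on Windows, is expanded with `Path.GetFullPath` and compared against the destination directory, while relative targets are resolved against the directory that will hold the link. The destination and entry paths in `Main` are constructed sample values.

```csharp
using System;
using System.IO;

// Hypothetical helper, not the dotnet/runtime implementation.
static class SymlinkTargetCheck
{
    // Returns true only when the symlink target resolves to a path inside destinationDirectory.
    // entryPath is the full path at which the symlink entry itself would be created.
    public static bool IsLinkTargetInsideDestination(string destinationDirectory, string entryPath, string linkTarget)
    {
        // Normalize the destination once so the prefix comparison is against a full path.
        string fullDestination = Path.GetFullPath(destinationDirectory);
        if (!fullDestination.EndsWith(Path.DirectorySeparatorChar))
            fullDestination += Path.DirectorySeparatorChar;

        string resolvedTarget;
        if (Path.IsPathRooted(linkTarget))
        {
            // IsPathRooted also covers drive-relative forms such as @"\Windows\x" on Windows,
            // which IsPathFullyQualified would report as not fully qualified and thus let through.
            // GetFullPath resolves them against the current drive so they can be compared.
            resolvedTarget = Path.GetFullPath(linkTarget);
        }
        else
        {
            // Relative targets resolve against the directory containing the link, not the destination root.
            string linkDirectory = Path.GetDirectoryName(Path.GetFullPath(entryPath)) ?? fullDestination;
            resolvedTarget = Path.GetFullPath(Path.Combine(linkDirectory, linkTarget));
        }

        return resolvedTarget.StartsWith(fullDestination, PathComparison);
    }

    // Windows file systems are case-insensitive; compare accordingly.
    private static StringComparison PathComparison =>
        OperatingSystem.IsWindows() ? StringComparison.OrdinalIgnoreCase : StringComparison.Ordinal;

    static void Main()
    {
        // Constructed sample paths for demonstration.
        string destination = Path.Combine(Path.GetTempPath(), "extract");
        string entry = Path.Combine(destination, "sub", "link");

        Console.WriteLine(IsLinkTargetInsideDestination(destination, entry, "data.txt"));
        Console.WriteLine(IsLinkTargetInsideDestination(destination, entry, Path.Combine("..", "..", "outside")));
        Console.WriteLine(IsLinkTargetInsideDestination(destination, entry, @"\outside\file"));
    }
}
```

On Windows the third call is the case the original check missed: the target is rooted but not fully qualified, and after `GetFullPath` it lands outside the destination and is rejected.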
…hannelVersion 2.4.18

Updated Versions.props - MicrosoftNativeQuicMsQuicSchannelVersion 2.4.18

----

#### AI description (iteration 1)

#### PR Classification
Dependency version update to upgrade the MsQuic Schannel package from version 2.4.17 to 2.4.18.

#### PR Summary
This pull request updates the MsQuic Schannel dependency to a newer patch version.

- `/eng/Versions.props`: Updated `MicrosoftNativeQuicMsQuicSchannelVersion` from 2.4.17 to 2.4.18
…-merge-9.0-2026-05-12-1247
Contributor
Pull request overview
This PR merges internal release/9.0 changes that harden System.Formats.Tar extraction behavior (Windows symlink target validation and PAX size validation) and updates an external dependency version.
Changes:
- Add a Windows-specific regression test ensuring extraction rejects symlinks with rooted-but-not-fully-qualified targets that would escape the destination.
- Reject negative PAX extended-attribute size values during header read.
- Bump MsQuic Schannel package version.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| src/libraries/System.Formats.Tar/tests/TarFile/TarFile.ExtractToDirectory.File.Tests.Windows.cs | Adds a Windows regression test for rejecting unsafe rooted symlink targets during extraction. |
| src/libraries/System.Formats.Tar/src/System/Formats/Tar/TarHeader.Read.cs | Adds validation to throw on negative PAX size values. |
| src/libraries/System.Formats.Tar/src/System/Formats/Tar/TarEntry.cs | Adds Windows-specific rejection for rooted-but-not-fully-qualified symlink targets; includes formatting-only indentation change. |
| eng/Versions.props | Updates MsQuic Schannel version to 2.4.18. |
hoyosjs
approved these changes
May 13, 2026
Member
/ba-g only known errors