author | Sergey Poznyakoff <gray@gnu.org.ua> | 2007-10-03 20:18:32 +0000 |
---|---|---|
committer | Sergey Poznyakoff <gray@gnu.org.ua> | 2007-10-03 20:18:32 +0000 |
commit | 6f6864df139cce4ef347abbf862d6ff401b23c7d (patch) | |
tree | a2d103aee997deb0e553233b9e0c422532704cf5 | |
parent | 519a7c0c75a0e173528c460249de3bdff9494a69 (diff) | |
download | tar-6f6864df139cce4ef347abbf862d6ff401b23c7d.tar.gz |
(try_purge_directory): Ensure that arguments to T and R are safe.
-rw-r--r-- | src/incremen.c | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/src/incremen.c b/src/incremen.c
index 50be0101..bc5fdade 100644
--- a/src/incremen.c
+++ b/src/incremen.c
@@ -1410,6 +1410,19 @@ try_purge_directory (char const *directory_name)
 arc += strlen (arc) + 1;
 dst = arc + 1;
+ /* Ensure that neither source nor destination are absolute file
+ names (unless permitted by -P option), and that they do not
+ contain dubious parts (e.g. ../).
+
+ This is an extra safety precaution. Besides, it might be
+ necessary to extract from archives created with tar versions
+ prior to 1.19. */
+
+ if (*src)
+ src = safer_name_suffix (src, false, absolute_names_option);
+ if (*dst)
+ dst = safer_name_suffix (dst, false, absolute_names_option);
+
 if (*src == 0)
 src = temp_stub;
 else if (*dst == 0) |
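Review bot: The new comment above the `safer_name_suffix` calls should state where `src` and `dst` come from and what the check does not cover. Both appear to be read from the archive's dumpdir record via `arc`, so they are untrusted input, and the sanitising is textual only. I would add to the comment: `Both names come from the archive's dumpdir and are untrusted; this check is lexical and does not resolve symlinked path components.` Separately, the `*src == 0` / `*dst == 0` tests that follow now run on the sanitised pointers, so a name consisting only of stripped parts presumably no longer looks empty there; it is worth confirming what `safer_name_suffix` returns in that case and rejecting such a record explicitly. The body of `try_purge_directory` starts and ends outside this hunk.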