(try_purge_directory): Ensure that arguments to T and R are safe.
authorSergey Poznyakoff <gray@gnu.org.ua>
Wed, 3 Oct 2007 20:18:32 +0000 (20:18 +0000)
committerSergey Poznyakoff <gray@gnu.org.ua>
Wed, 3 Oct 2007 20:18:32 +0000 (20:18 +0000)
src/incremen.c

index 50be0101e716e632fa5e262df76c6986335d8643..bc5fdaded62509ed85bf5b4b9f50a37ad2223489 100644 (file)
@@ -1410,6 +1410,19 @@ try_purge_directory (char const *directory_name)
          arc += strlen (arc) + 1;
          dst = arc + 1;
 
+         /* Ensure that neither source nor destination are absolute file
+            names (unless permitted by -P option), and that they do not
+            contain dubious parts (e.g. ../).
+
+            This is an extra safety precaution. Besides, it might be
+            necessary to extract from archives created with tar versions
+            prior to 1.19. */
+         
+         if (*src)
+           src = safer_name_suffix (src, false, absolute_names_option);
+         if (*dst)
+           dst = safer_name_suffix (dst, false, absolute_names_option);
+         
          if (*src == 0)
            src = temp_stub;
          else if (*dst == 0)
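Review bot: The comment above the two `safer_name_suffix` calls reads as if `-P` relaxes only the absolute-name check, but the single `absolute_names_option` flag is all that is passed for both concerns; if the helper skips all stripping when that flag is set (its body is not visible in this hunk), `../` components in T and R records from an untrusted archive are kept under `-P` as well. I would state that explicitly, e.g. `/* NOTE: with -P nothing is stripped, so "../" parts are kept too. */`, or check for `..` components here regardless of the option. The return values are also used unchecked: should the helper hand back a substitute name such as `.` for an argument that is stripped entirely, the `*src == 0` / `*dst == 0` tests that follow will not treat it as empty, so that case deserves a comment or an explicit skip of the record. try_purge_directory starts and ends outside this hunk.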