diff options
Diffstat (limited to 'contrib/libarchive/libarchive/archive_write_disk_posix.c')
-rw-r--r-- | contrib/libarchive/libarchive/archive_write_disk_posix.c | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/contrib/libarchive/libarchive/archive_write_disk_posix.c b/contrib/libarchive/libarchive/archive_write_disk_posix.c index 9d94de1..f7ef7cb 100644 --- a/contrib/libarchive/libarchive/archive_write_disk_posix.c +++ b/contrib/libarchive/libarchive/archive_write_disk_posix.c @@ -2504,8 +2504,9 @@ cleanup_pathname_win(struct archive_write_disk *a) /* * Canonicalize the pathname. In particular, this strips duplicate * '/' characters, '.' elements, and trailing '/'. It also raises an - * error for an empty path, a trailing '..' or (if _SECURE_NODOTDOT is - * set) any '..' in the path. + * error for an empty path, a trailing '..', (if _SECURE_NODOTDOT is + * set) any '..' in the path or (if ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS + * is set) if the path is absolute. */ static int cleanup_pathname(struct archive_write_disk *a) @@ -2524,8 +2525,15 @@ cleanup_pathname(struct archive_write_disk *a) cleanup_pathname_win(a); #endif /* Skip leading '/'. */ - if (*src == '/') + if (*src == '/') { + if (a->flags & ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS) { + archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, + "Path is absolute"); + return (ARCHIVE_FAILED); + } + separator = *src++; + } /* Scan the pathname one element at a time. */ for (;;) { |