From ea5cbe7c7d6a705d0ae7ee1995ae852dcd1c5433 Mon Sep 17 00:00:00 2001
From: sobomax <sobomax@FreeBSD.org>
Date: Sat, 19 Oct 2002 09:32:03 +0000
Subject: Fix security bug in contains_dot_dot routine.

PR:             43575
Submitted by:   Brett Glass <brett@lariat.org>

X-MFC after:	immediately
---
 contrib/tar/src/extract.c | 11 ++++++++++-
 contrib/tar/src/misc.c    |  7 +++++++
 2 files changed, 17 insertions(+), 1 deletion(-)

(limited to 'contrib/tar/src')

diff --git a/contrib/tar/src/extract.c b/contrib/tar/src/extract.c
index e492483..3032da0 100644
--- a/contrib/tar/src/extract.c
+++ b/contrib/tar/src/extract.c
@@ -1026,10 +1026,19 @@ extract_archive (void)
       {
 	struct stat st1, st2;
 	int e;
+	size_t skiplinkcrud;
+
+	if (absolute_names_option)
+	  skiplinkcrud = 0;
+	else {
+	  skiplinkcrud = FILESYSTEM_PREFIX_LEN (current_link_name);
+	  while (ISSLASH (current_link_name[skiplinkcrud]))
+	    skiplinkcrud++;
+	}
 
 	/* MSDOS does not implement links.  However, djgpp's link() actually
 	   copies the file.  */
-	status = link (current_link_name, CURRENT_FILE_NAME);
+	status = link (current_link_name + skiplinkcrud, CURRENT_FILE_NAME);
 
 	if (status == 0)
 	  {
diff --git a/contrib/tar/src/misc.c b/contrib/tar/src/misc.c
index 10851fe..8ece9c6 100644
--- a/contrib/tar/src/misc.c
+++ b/contrib/tar/src/misc.c
@@ -216,6 +216,13 @@ contains_dot_dot (char const *name)
 	    return 0;
 	}
       while (! ISSLASH (*p));
+
+      do
+	{
+	  if (! *p++)
+	    return 0;
+	}
+      while ( ISSLASH (*p));
     }
 }
 
-- 
cgit v1.1