Pass the ARCHIVE_EXTRACT_SECURE_SYMLINKS flag to libarchive
There are archive types which allow to first create a symlink and then
later on dereference it. If the symlink points outside of the archive,
this results in writing outside of the destination directory.
With the ARCHIVE_EXTRACT_SECURE_SYMLINKS option set, libarchive avoids
this situation by verifying that none of the target path components are
symlinks before writing.
Remove the commented out code in the method, which would actually
misbehave if enabled again.
Signed-off-by: Fabian Vogt <fabian@ritter-vogt.de>
parent
ddd3641e
Please register or sign in to comment