1566 |
|
/* |
1567 |
|
* Canonicalize the pathname. In particular, this strips duplicate |
1568 |
|
* '/' characters, '.' elements, and trailing '/'. It also raises an |
1569 |
< |
* error for an empty path, a trailing '..' or (if _SECURE_NODOTDOT is |
1570 |
< |
* set) any '..' in the path. |
1569 |
> |
* error for an empty path, a trailing '..', (if _SECURE_NODOTDOT is |
1570 |
> |
* set) any '..' in the path or (if ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS |
1571 |
> |
* is set) if the path is absolute. |
1572 |
|
*/ |
1573 |
|
static int |
1574 |
|
cleanup_pathname(struct archive_write_disk *a) |
1587 |
|
cleanup_pathname_win(a); |
1588 |
|
#endif |
1589 |
|
/* Skip leading '/'. */ |
1590 |
< |
if (*src == '/') |
1590 |
> |
if (*src == '/') { |
1591 |
> |
if (a->flags & ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS) { |
1592 |
> |
archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, |
1593 |
> |
"Path is absolute"); |
1594 |
> |
return (ARCHIVE_FAILED); |
1595 |
> |
} |
1596 |
> |
|
1597 |
|
separator = *src++; |
1598 |
+ |
} |
1599 |
|
|
1600 |
|
/* Scan the pathname one element at a time. */ |
1601 |
|
for (;;) { |