Permalink
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Browse the repository at this point in the history
Pass the ARCHIVE_EXTRACT_SECURE_SYMLINKS flag to libarchive
There are archive types which allow to first create a symlink and then later on dereference it. If the symlink points outside of the archive, this results in writing outside of the destination directory. With the ARCHIVE_EXTRACT_SECURE_SYMLINKS option set, libarchive avoids this situation by verifying that none of the target path components are symlinks before writing. Remove the commented out code in the method, which would actually misbehave if enabled again. Signed-off-by: Fabian Vogt <fabian@ritter-vogt.de>
- Loading branch information