(checkout): Use URL of the gnulib CVS mirror.

[chaz/tar] / src / incremen.c

diff --git a/src/incremen.c b/src/incremen.c
index acccb8f605753ff9170a9b94479540521bd3d845..d570082e2bf8055ad9df6aa844a80d3dfe77ff71 100644 (file)
--- a/src/incremen.c
+++ b/src/incremen.c
@@ -336,7 +336,6 @@ procdir (char *name_buffer, struct stat *stat_data,
 
   {
     const char *tag_file_name;
-    size_t len;
     
     switch (check_exclusion_tags (name_buffer, &tag_file_name))
       {
@@ -609,10 +608,17 @@ get_directory_contents (char *dir, dev_t device)
 static void
 obstack_code_rename (struct obstack *stk, char *from, char *to)
 {
+  char *s;
+
+  s = from[0] == 0 ? from :
+                     safer_name_suffix (from, false, absolute_names_option);
   obstack_1grow (stk, 'R');
-  obstack_grow (stk, from, strlen (from) + 1);
+  obstack_grow (stk, s, strlen (s) + 1);
+
+  s = to[0] == 0 ? to:
+                   safer_name_suffix (to, false, absolute_names_option);
   obstack_1grow (stk, 'T');
-  obstack_grow (stk, to, strlen (to) + 1);
+  obstack_grow (stk, s, strlen (s) + 1);
 }
 
 static bool
@@ -1403,6 +1409,19 @@ try_purge_directory (char const *directory_name)
          arc += strlen (arc) + 1;
          dst = arc + 1;
 
+         /* Ensure that neither source nor destination are absolute file
+            names (unless permitted by -P option), and that they do not
+            contain dubious parts (e.g. ../).
+
+            This is an extra safety precaution. Besides, it might be
+            necessary to extract from archives created with tar versions
+            prior to 1.19. */
+         
+         if (*src)
+           src = safer_name_suffix (src, false, absolute_names_option);
+         if (*dst)
+           dst = safer_name_suffix (dst, false, absolute_names_option);
+         
          if (*src == 0)
            src = temp_stub;
          else if (*dst == 0)