X-Git-Url: https://git.dogcows.com/gitweb?a=blobdiff_plain;ds=sidebyside;f=src%2Fincremen.c;h=d570082e2bf8055ad9df6aa844a80d3dfe77ff71;hb=32562b941207be3c41589dee45f32c022785c668;hp=50be0101e716e632fa5e262df76c6986335d8643;hpb=1ef212d0fbf8eec055b6146bbe9a725f6ca190b3;p=chaz%2Ftar

diff --git a/src/incremen.c b/src/incremen.c
index 50be010..d570082 100644
--- a/src/incremen.c
+++ b/src/incremen.c
@@ -336,7 +336,6 @@ procdir (char *name_buffer, struct stat *stat_data,
 
   {
     const char *tag_file_name;
-    size_t len;
     
     switch (check_exclusion_tags (name_buffer, &tag_file_name))
       {
@@ -1410,6 +1409,19 @@ try_purge_directory (char const *directory_name)
 	  arc += strlen (arc) + 1;
 	  dst = arc + 1;
 
+	  /* Ensure that neither source nor destination are absolute file
+	     names (unless permitted by -P option), and that they do not
+	     contain dubious parts (e.g. ../).
+
+	     This is an extra safety precaution. Besides, it might be
+	     necessary to extract from archives created with tar versions
+	     prior to 1.19. */
+	  
+	  if (*src)
+	    src = safer_name_suffix (src, false, absolute_names_option);
+	  if (*dst)
+	    dst = safer_name_suffix (dst, false, absolute_names_option);
+	  
 	  if (*src == 0)
 	    src = temp_stub;
 	  else if (*dst == 0)