Detect tarbombs while extracting

* src/common.h (one_top_level_option): New global. (one_top_level): New global. * src/extract.c (extr_init): If one_top_level_option is set, determine the name one_top_level that might have to be prepended. (extract_archive): If one_top_level_option is set, prepend one_top_level to all names that don't already start with it. * src/tar.c (ONE_TOP_LEVEL_OPTION): New contant. (options): New option --one-top-level. (parse_opt): Handle this option. (decode_options): Make it conflict with --absolute-names.
2014-01-27 14:42:09 +02:00
parent 95a51b93d0
commit 2af87fa277
5 changed files with 93 additions and 0 deletions
--- a/doc/tar.texi
+++ b/doc/tar.texi
@@ -3086,6 +3086,17 @@ Used when creating an archive.  Prevents @command{tar} from recursing into
 directories that are on different file systems from the current
 directory.

+@opsummary{one-top-level}
+@item --one-top-level
+Tells @command{tar} to create a new directory beneath the extraction directory
+(or the one passed to @option{-C}) and use it to guard against tarbombs.  The
+name of the new directory will be equal to the name of the archive with the
+extension stripped off.  If any archive names (after transformations from
+@option{--transform} and @option{--strip-components}) do not already begin with
+it, the new directory will be prepended to the names immediately before
+extraction.  Recognized extensions are @samp{.tar}, @samp{.taz}, @samp{.tbz},
+@samp{.tb2}, @samp{.tgz}, @samp{.tlz} and @samp{.txz}.
+
@opsummary{overwrite}
@item --overwrite