Paul Eggert 75b03fdff4 Use openat2 to jailify the extraction directory ...

This addresses CVE-2025-45582.
* gnulib.modules: Add openat2.
* src/misc.c (open_subdir): New static function.
(fdbase_opendir): Use it.
* src/tar.c (open_searchdir_how): New var, replacing and
augmenting open_searchdir_flags.  All uses changed.
* tests/extrac31.at: New file.
* tests/Makefile (TESTSUITE_AT), tests/testuite.at: Add it.

2025-11-15 15:10:48 -08:00

1.9 KiB

Raw Blame History

View Raw