Created attachment 809 [details] fix dot-dir extraction data_extract_all_prefix() is trying to remove the leading "./" from pathnames, but it will also catch a leading "./." so dot-directories don't get extracted happily.
Your patch will mishandle ".name" by treating it like "name". How about this? - name_ptr += strspn(name_ptr, "./"); + /* Skip all leading "/" */ + while (*name_ptr == '/') + name_ptr++; + /* Skip all leading "./" and "../" */ + while (name_ptr[0] == '.') { + if (name_ptr[1] == '.' && name_ptr[2] == '/') + name_ptr++; + if (name_ptr[1] != '/') + break; + name_ptr += 2; + }
That's true. I haven't seen a deb data.tar where the entries don't start with "./", but there's no reason it couldn't happen. I don't think we need to strip the leading "../". Looking in get_header_tar.c, it looks like anything beginning with "../" or containing "/../" is rejected.
Created attachment 889 [details] Fix dot-dir extraction v2 OK, this one strips leading "/" and "./", but not ".name".
Fixed in 1.16.0