2006-07-17  Richard Guenther  <rguenther@suse.de>

	* jartool.c (extract_jar): Do not allow directory traversal
	to parents of the extraction root.

Index: jartool.c
===================================================================
*** jartool.c	(revision 115517)
--- jartool.c	(working copy)
*************** int extract_jar(int fd, char **files, in
*** 1736,1741 ****
--- 1736,1742 ----
        const ub1 *start = filename;
        char *tmp_buff;
        struct stat sbuf;
+       int depth = 0;
  
        tmp_buff = malloc(sizeof(char) * strlen((const char *)filename));
  
*************** int extract_jar(int fd, char **files, in
*** 1756,1762 ****
  #ifdef DEBUG    
          printf("checking the existance of %s\n", tmp_buff);
  #endif
! 
          if(stat(tmp_buff, &sbuf) < 0){
            if(errno != ENOENT){
              perror("stat");
--- 1757,1770 ----
  #ifdef DEBUG    
          printf("checking the existance of %s\n", tmp_buff);
  #endif
! 	if(strcmp(tmp_buff, "..") == 0){
! 	  --depth;
! 	  if (depth < 0){
! 	    fprintf(stderr, "Traversal to parent directories during unpacking!\n");
! 	    exit(1);
! 	  }
! 	} else if (strcmp(tmp_buff, ".") != 0)
! 	  ++depth;
          if(stat(tmp_buff, &sbuf) < 0){
            if(errno != ENOENT){
              perror("stat");