python:safe_tarfile: Improve safe extract()
author Andreas Schneider <asn@samba.org>
Tue, 6 Jun 2023 13:38:12 +0000 (15:38 +0200)
committer Jule Anger <janger@samba.org>
Mon, 19 Jun 2023 10:29:13 +0000 (10:29 +0000)
This also checks for symlinks and hardlinks.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15390

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit 1f74f9f366d7f107a89220a4a5951bc4daf18025)

Autobuild-User(v4-18-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-18-test): Mon Jun 19 10:29:13 UTC 2023 on atb-devel-224

python/samba/safe_tarfile.py

index 8535f54f5b394eff070b7e19045e0174c9f64793..7a2b0382a7974f9b27dd9148bf47a2669da24424 100644 (file)
@@ -35,17 +35,7 @@ class TarFile(UnsafeTarFile):
     except AttributeError:
         def extract(self, member, path="", set_attrs=True, *,
                     numeric_owner=False):
-            if isinstance(member, TarInfo):
-                name = member.name
-            else:
-                name = member
-
-            if '../' in name:
-                raise ExtractError(f"'../' is not allowed in path '{name}'")
-
-            if name.startswith('/'):
-                raise ExtractError(f"path '{name}' should not start with '/'")
-
+            self._safetarfile_check()
             super().extract(member, path, set_attrs=set_attrs,
                             numeric_owner=numeric_owner)
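
Review bot: `self._safetarfile_check()` in `extract()` is called without `member` or `path`, so the check cannot be scoped to the entry being extracted, and its definition is not part of this hunk. The removed lines rejected `'../'` in the name and a leading `'/'` by raising `ExtractError`; please confirm the helper keeps both rejections alongside the symlink and hardlink checks named in the commit message, and that it raises the same exception type so existing callers' error handling is unaffected. If the helper walks every member of the archive, a caller that loops over `extract()` repeats that walk per member, and a single bad entry blocks extraction of every other member; a docstring line on `extract()` stating that behaviour would help. A test with a symlink member, a hardlink member, a `../` name and an absolute name would pin down what this fallback path now rejects.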