Use O_NOFOLLOW to avoid traversing symlinks when restoring data-carrying hardlinks.

TODO: Consider using this flag in other situations as well.

Thanks to Pavel Raiskup.

diff --git a/libarchive/archive_write_disk_posix.c b/libarchive/archive_write_disk_posix.c
index 3a8eaf602e272e66f5bfb8735cf2e554b04ad067..17c23b00445783821a93e3864080bd868cef4f63 100644 (file)
--- a/libarchive/archive_write_disk_posix.c
+++ b/libarchive/archive_write_disk_posix.c
@@ -140,7 +140,17 @@ __FBSDID("$FreeBSD$");
 #define O_BINARY 0
 #endif
 #ifndef O_CLOEXEC
-#define O_CLOEXEC      0
+#define O_CLOEXEC 0
+#endif
+
+/* Ignore non-int O_NOFOLLOW constant. */
+/* gnulib's fcntl.h does this on AIX, but it seems practical everywhere */
+#if defined O_NOFOLLOW && !(INT_MIN <= O_NOFOLLOW && O_NOFOLLOW <= INT_MAX)
+#undef O_NOFOLLOW
+#endif
+
+#ifndef O_NOFOLLOW
+#define O_NOFOLLOW 0
 #endif
 
 struct fixup_entry {
@@ -2067,7 +2077,7 @@ create_filesystem_object(struct archive_write_disk *a)
                        a->deferred = 0;
                } else if (r == 0 && a->filesize > 0) {
                        a->fd = open(a->name,
-                                    O_WRONLY | O_TRUNC | O_BINARY | O_CLOEXEC);
+                                    O_WRONLY | O_TRUNC | O_BINARY | O_CLOEXEC | O_NOFOLLOW);
                        __archive_ensure_cloexec_flag(a->fd);
                        if (a->fd < 0)
                                r = errno;