From 1f74f9f366d7f107a89220a4a5951bc4daf18025 Mon Sep 17 00:00:00 2001
From: Andreas Schneider
Date: Tue, 6 Jun 2023 15:38:12 +0200
Subject: [PATCH] python:safe_tarfile: Improve safe extract()

This also checks for symlinks and hardlinks.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15390
Signed-off-by: Andreas Schneider
Reviewed-by: Douglas Bagnall
---
 python/samba/safe_tarfile.py | 12 +-----------
 1 file changed, 1 insertion(+), 11 deletions(-)

diff --git a/python/samba/safe_tarfile.py b/python/samba/safe_tarfile.py
index 8535f54f5b3..7a2b0382a79 100644
--- a/python/samba/safe_tarfile.py
+++ b/python/samba/safe_tarfile.py
@@ -35,17 +35,7 @@ class TarFile(UnsafeTarFile):
 except AttributeError:
 def extract(self, member, path="", set_attrs=True, *, numeric_owner=False):
- if isinstance(member, TarInfo):
- name = member.name
- else:
- name = member
-
- if '../' in name:
- raise ExtractError(f"'../' is not allowed in path '{name}'")
-
- if name.startswith('/'):
- raise ExtractError(f"path '{name}' should not start with '/'")
-
+ self._safetarfile_check()
 super().extract(member, path, set_attrs=set_attrs, numeric_owner=numeric_owner)
-- 
2.47.3
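Review bot: `self._safetarfile_check()` takes no `member` argument, so the entry actually handed to `extract()` is never the thing being validated; the removed lines checked the name of exactly that entry, including a `TarInfo` object supplied by the caller. The helper is defined outside this hunk, so this is inferred, but if it walks the archive's own members then a `TarInfo` whose `name` the caller changed after reading it would reach `super().extract()` unchecked, and every single-member call pays for a scan of the whole archive. Consider keeping a per-member check alongside the archive-wide one, or at least stating the contract above the call: `# validates every member of the archive; 'member' itself is not re-checked`. The `except AttributeError:` branch and the class body begin outside the hunk.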