[3.11] gh-135034: Normalize link targets in tarfile, add `os.path.realpath(strict='allow_missing')` (GH-135037) by Yhg1s · Pull Request #135068 · python/cpython · GitHub

Merged: 8 commits, Jun 3, 2025
Stop using :cve:, which doesn't work in 3.11 and earlier.
Yhg1s committed Jun 3, 2025
commit 8ab383f9fb42085bf552da6aeb4f5148677f6459
10 changes: 5 additions & 5 deletions Doc/whatsnew/3.11.rst
Expand Up @@ -2798,25 +2798,25 @@ os.path
:data:`os.path.ALLOW_MISSING`.
If used, errors other than :exc:`FileNotFoundError` will be re-raised;
the resulting path can be missing but it will be free of symlinks.
(Contributed by Petr Viktorin for :cve:`2025-4517`.)
(Contributed by Petr Viktorin for CVE 2025-4517.)

tarfile
-------

* :func:`~tarfile.data_filter` now normalizes symbolic link targets in order to
avoid path traversal attacks.
(Contributed by Petr Viktorin in :gh:`127987` and :cve:`2025-4138`.)
(Contributed by Petr Viktorin in :gh:`127987` and CVE 2025-4138.)
* :func:`~tarfile.TarFile.extractall` now skips fixing up directory attributes
when a directory was removed or replaced by another kind of file.
(Contributed by Petr Viktorin in :gh:`127987` and :cve:`2024-12718`.)
(Contributed by Petr Viktorin in :gh:`127987` and CVE 2024-12718.)
* :func:`~tarfile.TarFile.extract` and :func:`~tarfile.TarFile.extractall`
now (re-)apply the extraction filter when substituting a link (hard or
symbolic) with a copy of another archive member, and when fixing up
directory attributes.
The former raises a new exception, :exc:`~tarfile.LinkFallbackError`.
(Contributed by Petr Viktorin for :cve:`2025-4330` and :cve:`2024-12718`.)
(Contributed by Petr Viktorin for CVE 2025-4330 and CVE 2024-12718.)
* :func:`~tarfile.TarFile.extract` and :func:`~tarfile.TarFile.extractall`
no longer extract rejected members when
:func:`~tarfile.TarFile.errorlevel` is zero.
(Contributed by Matt Prodani and Petr Viktorin in :gh:`112887`
and :cve:`2025-4435`.)
and CVE 2025-4435.)
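Review bot: the plain-text replacements for the `:cve:` roles in this hunk, from `(Contributed by Petr Viktorin for CVE 2025-4517.)` down to `and CVE 2025-4435.)`, write the identifiers with a space, but the canonical CVE identifier is hyphenated (`CVE-2025-4517`, `CVE-2025-4138`, `CVE-2024-12718`, `CVE-2025-4330`, `CVE-2025-4435`); readers searching the docs or an advisory database will look for the hyphenated spelling, so use it here, and if the link the role used to provide matters for 3.11, a plain reST hyperlink to each CVE record can stand in for it.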
Expand Up @@ -2,5 +2,5 @@ Fixes multiple issues that allowed ``tarfile`` extraction filters
(``filter="data"`` and ``filter="tar"``) to be bypassed using crafted
symlinks and hard links.

Addresses :cve:`2024-12718`, :cve:`2025-4138`, :cve:`2025-4330`, and :cve:`2025-4517`.
Addresses CVE 2024-12718, CVE 2025-4138, CVE 2025-4330, and CVE 2025-4517.
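Review bot: `Addresses CVE 2024-12718, CVE 2025-4138, CVE 2025-4330, and CVE 2025-4517.` has the same spacing issue as the whatsnew text; write the identifiers in their canonical hyphenated form, `CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, and CVE-2025-4517`, so the NEWS entry is greppable by CVE id and stays consistent with the whatsnew wording.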
