diff --git a/src/ICSharpCode.SharpZipLib/Tar/TarArchive.cs b/src/ICSharpCode.SharpZipLib/Tar/TarArchive.cs index aa482cc06..6db6b23b9 100644 --- a/src/ICSharpCode.SharpZipLib/Tar/TarArchive.cs +++ b/src/ICSharpCode.SharpZipLib/Tar/TarArchive.cs @@ -613,7 +613,7 @@ public void ExtractContents(string destinationDirectory, bool allowParentTravers throw new ObjectDisposedException("TarArchive"); } - var fullDistDir = Path.GetFullPath(destinationDirectory); + var fullDistDir = Path.GetFullPath(destinationDirectory).TrimEnd('/', '\\'); while (true) { diff --git a/test/ICSharpCode.SharpZipLib.Tests/Tar/TarArchiveTests.cs b/test/ICSharpCode.SharpZipLib.Tests/Tar/TarArchiveTests.cs index e7a2bcd7f..374a9b1e3 100644 --- a/test/ICSharpCode.SharpZipLib.Tests/Tar/TarArchiveTests.cs +++ b/test/ICSharpCode.SharpZipLib.Tests/Tar/TarArchiveTests.cs @@ -13,9 +13,12 @@ public class TarArchiveTests [Test] [Category("Tar")] [Category("CreatesTempFile")] - public void ExtractingContentsWithNonTraversalPathSucceeds() + [TestCase("output")] + [TestCase("output/")] + [TestCase(@"output\", IncludePlatform = "Win")] + public void ExtractingContentsWithNonTraversalPathSucceeds(string outputDir) { - Assert.DoesNotThrow(() => ExtractTarOK("output", "test-good", allowTraverse: false)); + Assert.DoesNotThrow(() => ExtractTarOK(outputDir, "file", allowTraverse: false)); } [Test] @@ -30,12 +33,26 @@ public void ExtractingContentsWithExplicitlyAllowedTraversalPathSucceeds() [Category("Tar")] [Category("CreatesTempFile")] [TestCase("output", "../file")] + [TestCase("output/", "../file")] [TestCase("output", "../output.txt")] public void ExtractingContentsWithDisallowedPathsFails(string outputDir, string fileName) { Assert.Throws(() => ExtractTarOK(outputDir, fileName, allowTraverse: false)); } + [Test] + [Category("Tar")] + [Category("CreatesTempFile")] + [Platform(Include = "Win", Reason = "Backslashes are only treated as path separators on windows")] + [TestCase(@"output\", @"..\file")] + [TestCase(@"output/", @"..\file")] + [TestCase("output", @"..\output.txt")] + [TestCase(@"output\", @"..\output.txt")] + public void ExtractingContentsOnWindowsWithDisallowedPathsFails(string outputDir, string fileName) + { + Assert.Throws(() => ExtractTarOK(outputDir, fileName, allowTraverse: false)); + } + public void ExtractTarOK(string outputDir, string fileName, bool allowTraverse) { var fileContent = Encoding.UTF8.GetBytes("file content");