Skip to content

gh-151558: Fix symlink escape via tarfile hardlink-extraction fallback #151559

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
StanFromIreland wants to merge 4 commits into
base: main
Choose a base branch
from
+30 −0
Open

gh-151558: Fix symlink escape via tarfile hardlink-extraction fallback #151559

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
9f81791
Fix bypass
StanFromIreland Jun 10, 2026
e529baf
Update with issue number
StanFromIreland Jun 16, 2026
4a477d6
Seems we don't need Windows gating here?
StanFromIreland Jun 16, 2026
f6bc76e
Validate containment at the write loc but extract the original refere…
StanFromIreland Jun 17, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions Lib/tarfile.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2784,6 +2784,9 @@ def makelink_with_filter(self, tarinfo, targetpath,
"makelink_with_filter: if filter_function is not None, "
+ "extraction_root must also not be None")
try:
filter_function(
unfiltered.replace(name=tarinfo.name, deep=False),
extraction_root)
filtered = filter_function(unfiltered, extraction_root)
except _FILTER_ERRORS as cause:
raise LinkFallbackError(tarinfo, unfiltered.name) from cause
Expand Down
24 changes: 24 additions & 0 deletions Lib/test/test_tarfile.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4413,6 +4413,30 @@ def test_sneaky_hardlink_fallback(self):
self.expect_file("boom", symlink_to='../../link_here')
self.expect_file("c", symlink_to='b')

@symlink_test
def test_sneaky_hardlink_fallback_deep(self):
# (CVE-2026-11940)
with ArchiveMaker() as arc:
arc.add("a/b/s", symlink_to=os.path.join("..", "escape"))
arc.add("s", hardlink_to=os.path.join("a", "b", "s"))

with self.check_context(arc.open(), 'data'):
e = self.expect_exception(
tarfile.LinkFallbackError,
"link 's' would be extracted as a copy of "
+ "'a/b/s', which was rejected")
self.assertIsInstance(e.__cause__,
tarfile.LinkOutsideDestinationError)

for filter in 'tar', 'fully_trusted':
with self.subTest(filter), self.check_context(arc.open(), filter):
if not os_helper.can_symlink():
self.expect_file("a/")
self.expect_file("a/b/")
else:
self.expect_file("a/b/s", symlink_to=os.path.join('..', 'escape'))
self.expect_file("s", symlink_to=os.path.join('..', 'escape'))

@symlink_test
def test_exfiltration_via_symlink(self):
# (CVE-2025-4138)
Expand Down
3 changes: 3 additions & 0 deletions Misc/NEWS.d/next/Security/2026-06-10-13-08-19.gh-issue-151558.mL74i2.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
Fixed an vulnerability in the :mod:`tarfile` ``data`` and ``tar`` extraction
filters where crafted archives could create a symlink pointing outside the
destination directory. This was a bypass of :cve:`2025-4330`.
Loading