------- Comment #12 from jakub at redhat dot com 2006-07-17 12:21 -------

The patch in #4 is insufficient. Consider paths like ././../.././../etc/passwd, which satisfy the depth tests, yet clearly escape the current dir tree. Another question is about symlinks: if there is a foo -> ../../../../etc symlink in the current tree, then I believe fastjar will happily store foo/passwd into ../../../../etc/passwd. Is that something that can be declared as user's fault, or should fastjar always canonicalize the filename and not allow leaving the current directory tree in any way?

-- http://gcc.gnu.org/bugzilla/show_bug.cgi?id=28359
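
The depth-test problem raised in the comment above, as an added example (not fastjar code and not the patch from comment #4): the function names and the "naive" counting rule are assumptions chosen to show one way a depth test can accept ././../.././../etc/passwd, next to a lexical check that treats "." as a no-op. The check is purely lexical, so it does not address the symlink case; that requires resolving the name against the filesystem (for example with realpath()).

```c
#include <stdio.h>
#include <string.h>

/* Walk the '/'-separated components of an archive member name and track how
 * deep below the extraction directory we are. Returns 1 if the name never
 * climbs above the starting directory, 0 otherwise.
 * dot_counts != 0 reproduces a hypothetical naive test (an assumption for
 * illustration, not the patch from comment #4) in which "." is counted as
 * one level deeper, like any ordinary directory name. */
int depth_ok(const char *path, int dot_counts)
{
    int depth = 0;
    const char *p = path;

    if (*p == '/')                      /* absolute names always escape */
        return 0;
    while (*p) {
        size_t n = strcspn(p, "/");     /* length of this component */
        if (n == 2 && p[0] == '.' && p[1] == '.') {
            if (--depth < 0)            /* ".." above the start dir */
                return 0;
        } else if (n == 1 && p[0] == '.' && !dot_counts) {
            /* "." stays in the same directory: no depth change */
        } else {
            depth++;
        }
        p += n;
        while (*p == '/')               /* skip separator(s): "a//b" == "a/b" */
            p++;
    }
    return 1;
}

int naive_depth_ok(const char *path)   { return depth_ok(path, 1); }
int lexical_depth_ok(const char *path) { return depth_ok(path, 0); }

int main(void)
{
    const char *name = "././../.././../etc/passwd";  /* path from the comment */
    printf("naive:   %s\n", naive_depth_ok(name) ? "accepted" : "rejected");
    printf("lexical: %s\n", lexical_depth_ok(name) ? "accepted" : "rejected");
    return 0;
}
```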