$OpenBSD: patch-libarchive_archive_write_disk_posix_c,v 1.1 2016/01/30 23:34:44 naddy Exp $

CVE-2015-2304
Commit 5935715
    Add ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS option
    This fixes a directory traversal in the cpio tool.

--- libarchive/archive_write_disk_posix.c.orig	Fri Feb  8 01:52:07 2013
+++ libarchive/archive_write_disk_posix.c	Sat Jan 30 21:33:16 2016
@@ -2504,8 +2504,9 @@ cleanup_pathname_win(struct archive_write_disk *a)
 /*
  * Canonicalize the pathname.  In particular, this strips duplicate
  * '/' characters, '.' elements, and trailing '/'.  It also raises an
- * error for an empty path, a trailing '..' or (if _SECURE_NODOTDOT is
- * set) any '..' in the path.
+ * error for an empty path, a trailing '..', (if _SECURE_NODOTDOT is
+ * set) any '..' in the path or (if ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS
+ * is set) if the path is absolute.
  */
 static int
 cleanup_pathname(struct archive_write_disk *a)
@@ -2524,8 +2525,15 @@ cleanup_pathname(struct archive_write_disk *a)
 	cleanup_pathname_win(a);
 #endif
 	/* Skip leading '/'. */
-	if (*src == '/')
+	if (*src == '/') {
+		if (a->flags & ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS) {
+			archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
+			                  "Path is absolute");
+			return (ARCHIVE_FAILED);
+		}
+
 		separator = *src++;
+	}
 
 	/* Scan the pathname one element at a time. */
 	for (;;) {
