Merge commit from fork

untar and unzip created symlink entries directly from the archive
without checking that the link target resolved inside the extraction
directory. A tar that planted a symlink whose target pointed above the
output dir, followed by a regular-file entry whose path traversed
through that symlink, allowed Files.newOutputStream to write outside
the caller's chosen target.

This commit adds an ensureSafeSymlinkTarget helper that mirrors the
existing ensureSafeEntry containment check, plus switches the
regular-file write path to open with CREATE_NEW and
LinkOption.NOFOLLOW_LINKS so a pre-existing symlink under the
extraction path cannot be followed.

The shouldRejectSymlinkEscapingTargetOnUntar regression test in
ArchiveUtilsTest builds the malicious tar inline and asserts no file
lands outside target. The existing tar/zip round-trip tests are
updated to construct the source fixture's symlink with a relative
target (the safe form), matching what well-formed OCI layers carry.

Signed-off-by: tonghuaroot <tonghuaroot@gmail.com>

Author: tonghuaroot

src/main/java/land/oras/utils/ArchiveUtils.java

@@ -27,8 +27,10 @@
 import java.io.OutputStream;
 import java.nio.charset.StandardCharsets;
 import java.nio.file.Files;
+import java.nio.file.LinkOption;
 import java.nio.file.Path;
 import java.nio.file.Paths;
+import java.nio.file.StandardOpenOption;
 import java.nio.file.attribute.BasicFileAttributes;
 import java.nio.file.attribute.PosixFilePermission;
 import java.util.EnumSet;
@@ -267,6 +269,25 @@ static void ensureSafeEntry(ArchiveEntry entry, Path target) throws IOException
         }
     }
 
+    /**
+     * Ensure that a symlink entry's link target resolves inside the extraction directory.
+     * Stops an archive from planting a symlink that points outside the target tree, which
+     * would otherwise let subsequent regular-file entries write outside the target dir.
+     * @param outputPath The on-disk path where the symlink will be created
+     * @param linkTarget The raw link target string from the archive entry
+     * @param target The extraction root
+     * @throws IOException if the link target escapes the extraction root
+     */
+    static void ensureSafeSymlinkTarget(Path outputPath, Path linkTarget, Path target) throws IOException {
+        Path normalizedTarget = target.toAbsolutePath().normalize();
+        Path resolved =
+                (linkTarget.isAbsolute() ? linkTarget : outputPath.getParent().resolve(linkTarget)).normalize();
+        if (!resolved.startsWith(normalizedTarget)) {
+            throw new IOException(
+                    "Refusing to create symlink that escapes target dir: " + outputPath + " -> " + linkTarget);
+        }
+    }
+
     /**
      * Extract a tar file to a target directory
      * @param path The tar file
@@ -376,11 +397,17 @@ static void unzip(InputStream fis, Path target) {
                             String linkStr = asiField != null
                                     ? asiField.getLinkedFile()
                                     : new String(zais.readAllBytes(), StandardCharsets.UTF_8);
-                            createSymbolicLink(outputPath, Paths.get(linkStr));
+                            Path linkPath = Paths.get(linkStr);
+                            ensureSafeSymlinkTarget(outputPath, linkPath, target);
+                            createSymbolicLink(outputPath, linkPath);
                         } else {
                             LOG.debug("Extracting file: {}", entry.getName());
                             Files.createDirectories(outputPath.getParent());
-                            try (OutputStream out = Files.newOutputStream(outputPath)) {
+                            try (OutputStream out = Files.newOutputStream(
+                                    outputPath,
+                                    StandardOpenOption.CREATE_NEW,
+                                    StandardOpenOption.WRITE,
+                                    LinkOption.NOFOLLOW_LINKS)) {
                                 zais.transferTo(out);
                             }
                         }
@@ -425,9 +452,15 @@ public static void untar(InputStream fis, Path target) {
 
                         // Restore file permissions (optional, based on your need)
                         if (entry.isSymbolicLink()) {
-                            createSymbolicLink(outputPath, Paths.get(entry.getLinkName()));
+                            Path linkPath = Paths.get(entry.getLinkName());
+                            ensureSafeSymlinkTarget(outputPath, linkPath, target);
+                            createSymbolicLink(outputPath, linkPath);
                         } else {
-                            try (OutputStream out = Files.newOutputStream(outputPath)) {
+                            try (OutputStream out = Files.newOutputStream(
+                                    outputPath,
+                                    StandardOpenOption.CREATE_NEW,
+                                    StandardOpenOption.WRITE,
+                                    LinkOption.NOFOLLOW_LINKS)) {
                                 tais.transferTo(out);
                             }
                             if (OsUtils.isPosixFileSystemSupported()) {

src/test/java/land/oras/utils/ArchiveUtilsTest.java

@@ -33,6 +33,7 @@
 import land.oras.LocalPath;
 import land.oras.exception.OrasException;
 import org.apache.commons.compress.archivers.tar.TarArchiveEntry;
+import org.apache.commons.compress.archivers.tar.TarArchiveOutputStream;
 import org.junit.jupiter.api.BeforeAll;
 import org.junit.jupiter.api.Disabled;
 import org.junit.jupiter.api.Test;
@@ -92,10 +93,11 @@ static void beforeAll() throws Exception {
         Files.writeString(file2, "file2");
         Files.writeString(file4, "file4");
 
-        // Create one symlink file3 -> file1
+        // Create one symlink file3 -> file1 (use a relative target so the extracted
+        // symlink stays inside the extraction directory; absolute targets would escape)
         if (OsUtils.isPosixFileSystemSupported()) {
             Path file3 = dir1.resolve("file3");
-            Files.createSymbolicLink(file3, file1);
+            Files.createSymbolicLink(file3, Paths.get("file1"));
 
             // Add 777 permission to file2
             Files.setPosixFilePermissions(
@@ -328,4 +330,43 @@ void shouldCreateTarZstdAndExtractIt() throws Exception {
         Path temp = ArchiveUtils.uncompressuntar(compressedArchive, directory.getMediaType());
         assertTrue(Files.exists(temp), "Temp should exist");
     }
+
+    /**
+     * Verify that untar rejects a tar that plants a symlink whose target escapes
+     * the extraction directory, even when the entry name itself stays under target.
+     * A second regular-file entry whose name traverses through the planted symlink
+     * would otherwise resolve to a path outside target.
+     */
+    @Test
+    void shouldRejectSymlinkEscapingTargetOnUntar(@TempDir Path tmp) throws IOException {
+        if (!OsUtils.isPosixFileSystemSupported()) {
+            return;
+        }
+        Path target = tmp.resolve("safe-output");
+        Files.createDirectories(target);
+        Path escapeFile = tmp.resolve("ESCAPED.txt");
+        Files.deleteIfExists(escapeFile);
+
+        Path mtar = tmp.resolve("malicious.tar");
+        try (TarArchiveOutputStream tout = new TarArchiveOutputStream(Files.newOutputStream(mtar))) {
+            tout.setLongFileMode(TarArchiveOutputStream.LONGFILE_POSIX);
+
+            TarArchiveEntry symlinkEntry = new TarArchiveEntry("evil-link", TarArchiveEntry.LF_SYMLINK);
+            symlinkEntry.setLinkName(tmp.toAbsolutePath().toString());
+            symlinkEntry.setMode(0777);
+            tout.putArchiveEntry(symlinkEntry);
+            tout.closeArchiveEntry();
+
+            byte[] data = "should not land outside target\n".getBytes();
+            TarArchiveEntry fileEntry = new TarArchiveEntry("evil-link/ESCAPED.txt");
+            fileEntry.setSize(data.length);
+            fileEntry.setMode(0644);
+            tout.putArchiveEntry(fileEntry);
+            tout.write(data);
+            tout.closeArchiveEntry();
+        }
+
+        assertThrows(OrasException.class, () -> ArchiveUtils.untar(mtar, target));
+        assertFalse(Files.exists(escapeFile), "Symlink-target escape must not create a file outside target");
+    }
 }