Submitted By: Oliver Brakmann <obrakmann at gmx dot net>
Date: 2003-09-13
Initial Package Version: 1.13.25
Origin: Bugtraq Mailing List
	http://www.securityfocus.com/archive/1/294574
Description: This patch fixes a security vulnerability by which	a specially
	crafted tarball can be used to overwrite files on the victim's system.
	See http://www.securityfocus.com/archive/1/293362 and following as
	well as references therein for details.

diff -ur tar-1.13.19.orig/src/misc.c tar-1.13.19/src/misc.c
--- tar-1.13.19.orig/src/misc.c	Sat Jan 13 08:59:29 2001
+++ tar-1.13.19/src/misc.c	Sat Sep 28 13:48:03 2002
@@ -206,12 +206,12 @@
       if (p[0] == '.' && p[1] == '.' && (ISSLASH (p[2]) || !p[2]))
 	return 1;

-      do
+      while (! ISSLASH (*p))
 	{
 	  if (! *p++)
 	    return 0;
 	}
-      while (! ISSLASH (*p));
+      p++;
     }
 }