From dfb00a257e35d61c74fa0e8ad86ef4e6a4429c74 Mon Sep 17 00:00:00 2001
From: Philipp Gesang
Date: Thu, 3 Nov 2016 14:31:14 +0100
Subject: [PATCH] delay only absolute symlinks and those pointing to parent dirs

Only apply the symlink hook on those with fishy targets. Internal symlinks need not be contained so they can be applied as-is.
---
 deltatar/tarfile.py | 26 +++++++++++++++++++++++++-
 1 files changed, 25 insertions(+), 1 deletions(-)

diff --git a/deltatar/tarfile.py b/deltatar/tarfile.py
index 713423c..78da665 100644
--- a/deltatar/tarfile.py
+++ b/deltatar/tarfile.py
@@ -275,6 +275,28 @@ def filemode(mode):
 DeprecationWarning, 2)
 return stat.filemode(mode)
 
+def contains_dot_dot(name):
+ """Check whether a path contains double dots thus referring to the parent
+ directory.
+ """
+ l = len(name)
+ if l < 2:
+ return False
+ p = 0
+ while True:
+ if name[p] == '.' and name[p + 1] == '.':
+ ppp = p + 2
+ if ppp == l or name[ppp] == '/':
+ return True
+ while name[p] != '/':
+ if p == l - 2:
+ return False
+ p += 1
+ if p == l - 2:
+ break
+ p += 1
+ return False
+
 class TarError(Exception):
 """Base exception."""
 pass
@@ -2659,7 +2681,9 @@ class TarFile(object):
 if tarinfo.islnk():
 tarinfo._link_target = os.path.join(path, tarinfo.linkname)
 
- if symlink_cb is not None and tarinfo.issym():
+ if symlink_cb is not None and tarinfo.issym() \
+ and (os.path.isabs(tarinfo.linkname)
+ or contains_dot_dot(tarinfo.linkname)):
 return symlink_cb(tarinfo, path, set_attrs)
 
 try:
-- 
1.7.1
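Review bot: The hand-written index scan in `contains_dot_dot` is hard to audit for a predicate that decides which symlinks are treated as unsafe, and the three separate `l - 2` boundary checks make it easy to break on a later edit. As far as the logic can be read here (indentation is lost on this page), it returns True exactly when some `/`-separated component equals `..`, so the body could be `return '..' in name.split('/')` for `str` input. The name `l` is also easily confused with `1`; `length` would read better if the loop is kept. The docstring should say that only `/` is treated as a separator and that a component must equal `..` exactly, so `..a` or `a..` do not match.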
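Review bot: The new condition decides from the text of `tarinfo.linkname` alone, so a relative target with no `..` component is now created immediately even if one of its leading components is, or later becomes, a link that leads outside `path`. Whether that can occur depends on what `symlink_cb` and the caller do with the delayed links, which this hunk does not show. A comment at the condition should state the assumption, e.g. `# lexical check only: relative targets without '..' are assumed to resolve below path`. The backslash continuation can be avoided by wrapping the whole condition in one pair of parentheses. The enclosing method starts and ends outside the hunk.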