From 6f673929eb6f2d5dbc3d437ad214e4be1133585e Mon Sep 17 00:00:00 2001
From: Kovid Goyal
Date: Mon, 21 Apr 2025 09:46:30 +0530
Subject: [PATCH] Fix failure of tarfile extract when dest_path has symlinks
---
 tools/utils/tar.go | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/tools/utils/tar.go b/tools/utils/tar.go
index 1cc2d3987..7db0050d8 100644
--- a/tools/utils/tar.go
+++ b/tools/utils/tar.go
@@ -171,10 +171,13 @@ func ExtractAllFromTar(tr *tar.Reader, dest_path string, optss ...TarExtractOpti
 if len(optss) > 0 {
 opts = optss[0]
 }
- dest_path, err = filepath.Abs(dest_path)
- if err != nil {
+ if dest_path, err = filepath.Abs(dest_path); err != nil {
 return
 }
+ if dest_path, err = filepath.EvalSymlinks(dest_path); err != nil {
+ return
+ }
+ dest_path = filepath.Clean(dest_path)

 mode := func(hdr int64) fs.FileMode {
 return fs.FileMode(hdr) & (fs.ModePerm | fs.ModeSetgid | fs.ModeSetuid | fs.ModeSticky)
@@ -190,6 +193,7 @@ func ExtractAllFromTar(tr *tar.Reader, dest_path string, optss ...TarExtractOpti
 count++
 return
 }
+ needed_prefix := dest_path + string(os.PathSeparator)

 for {
 var hdr *tar.Header
@@ -208,7 +212,7 @@ func ExtractAllFromTar(tr *tar.Reader, dest_path string, optss ...TarExtractOpti
 if dest, err = EvalSymlinksThatExist(dest); err != nil {
 return count, err
 }
- if !strings.HasPrefix(filepath.Clean(dest), filepath.Clean(dest_path)+string(os.PathSeparator)) {
+ if !strings.HasPrefix(dest, needed_prefix) {
 continue
 }
 switch hdr.Typeflag {
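Review bot: `filepath.EvalSymlinks(dest_path)` returns an error when the destination directory does not exist yet, whereas the `filepath.Abs` call before it accepted such a path. Whether every caller creates the directory first is not visible in this hunk. The per-entry code later in the function already resolves paths with `EvalSymlinksThatExist`, so `if dest_path, err = EvalSymlinksThatExist(dest_path); err != nil { return }` would canonicalise the root the same way as the entries it is compared against, assuming the helper tolerates missing trailing components as its name suggests. The following `filepath.Clean` is redundant after `filepath.EvalSymlinks`, which is documented to clean its result. The body of ExtractAllFromTar starts and ends outside the hunk.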
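Review bot: `needed_prefix` gets a doubled separator when `dest_path` resolves to a filesystem root (`/`, or a Windows drive root), so no entry can match it and the whole archive is skipped without an error. The removed expression behaved the same way, so this predates the commit, but hoisting the prefix is a convenient place to fix it: `needed_prefix := strings.TrimSuffix(dest_path, string(os.PathSeparator)) + string(os.PathSeparator)`. A short comment is also worth adding, such as `// trailing separator so that /out does not match /out-other`, because that separator is what makes the containment check sound.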
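Review bot: Dropping `filepath.Clean(dest)` makes the containment check rely on `EvalSymlinksThatExist` always returning a cleaned path, and that helper's body is not visible in this hunk. If it ever returns the non-existent tail of the path unnormalised, a `..` component could satisfy `strings.HasPrefix` while resolving outside `dest_path`. Since this is the guard that keeps archive entries inside the destination, either keep the defensive call, `if !strings.HasPrefix(filepath.Clean(dest), needed_prefix) {`, or document the invariant on the helper and cover it with a test. The enclosing loop continues outside the hunk.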