From b1d4c528b99fa080eee67358dd0e53e0fa3b3021 Mon Sep 17 00:00:00 2001
From: xanonid
Date: Tue, 25 Sep 2018 18:31:50 +0200
Subject: [PATCH] Prevent following symlinks during extracting normal files

This fixes #359, #361, #362.
---
 integration/dockerfiles/Dockerfile_test_replaced_symlinks | 2 ++
 pkg/util/fs_util.go | 7 +++++++
 2 files changed, 9 insertions(+)
 create mode 100644 integration/dockerfiles/Dockerfile_test_replaced_symlinks
diff --git a/integration/dockerfiles/Dockerfile_test_replaced_symlinks b/integration/dockerfiles/Dockerfile_test_replaced_symlinks
new file mode 100644
index 0000000000..70e3d1f2bd
--- /dev/null
+++ b/integration/dockerfiles/Dockerfile_test_replaced_symlinks
@@ -0,0 +1,2 @@
+FROM tenstartups/alpine@sha256:31dc8b12e0f73a1de899146c3663644b7668f8fd198cfe9b266886c9abfa944b
+RUN pwd
diff --git a/pkg/util/fs_util.go b/pkg/util/fs_util.go
index 029b91c1bd..b7c2baddfa 100644
--- a/pkg/util/fs_util.go
+++ b/pkg/util/fs_util.go
@@ -186,6 +186,13 @@ func extractFile(dest string, hdr *tar.Header, tr io.Reader) error {
 return err
 }
 }
+ // Check if something already exists at path (symlinks etc.)
+ // If so, delete it
+ if FilepathExists(path) {
+ if err := os.Remove(path); err != nil {
+ return errors.Wrapf(err, "error removing %s to make way for new file.", path)
+ }
+ }
 currFile, err := os.Create(path)
 if err != nil {
 return err
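Review bot: The removal added before `os.Create(path)` narrows the symlink problem but does not close it, because `os.Create` still opens with `O_CREATE|O_TRUNC` and will write through whatever sits at `path` if an entry reappears between the `os.Remove` and the open. Opening exclusively makes the guarantee explicit: `currFile, err := os.OpenFile(path, os.O_RDWR|os.O_CREATE|os.O_EXCL, 0666)` returns an error instead of following a link. `FilepathExists` is defined outside this hunk; the guard only catches dangling symlinks if that helper uses `os.Lstat` rather than `os.Stat`, which is worth confirming and stating in the comment. The check also covers only the final path component, and `extractFile` starts and ends outside the hunk, so whether symlinked parent directories are handled cannot be judged from here.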