gh-57911: Sanitize symlink targets in tarfile on win32

wiomoc · wiomoc · commit 382e7c4c68a1 · 2025-08-31T22:14:43.000+02:00
diff --git a/Lib/tarfile.py b/Lib/tarfile.py
@@ -2718,7 +2718,13 @@ def makelink_with_filter(self, tarinfo, targetpath,
                 if os.path.lexists(targetpath):
                     # Avoid FileExistsError on following os.symlink.
                     os.unlink(targetpath)
-                os.symlink(tarinfo.linkname, targetpath)
+                link_target = tarinfo.linkname
+                if os.name == "nt":
+                    # gh-57911: Posix-flavoured forward-slash path separators in
+                    # symlink targets aren't sanitized by Windows automaticly,
+                    # resulting in corrupted links.
+                    link_target = link_target.replace("/", os.path.sep)
+                os.symlink(link_target, targetpath)
                 return
             else:
                 if os.path.exists(tarinfo._link_target):
diff --git a/Lib/test/test_tarfile.py b/Lib/test/test_tarfile.py
@@ -4039,6 +4039,21 @@ def test_absolute_symlink(self):
                 tarfile.AbsoluteLinkError,
                 "'parent' is a link to an absolute path")
 
+    @unittest.skipUnless(os_helper.can_symlink(), 'requires symlink support')
+    @symlink_test
+    def test_symlink_target_sanitized_on_windows(self):
+        with ArchiveMaker() as arc:
+            arc.add('link', symlink_to="relative/test/path")
+
+        with self.check_context(arc.open(), 'fully_trusted'):
+            self.expect_file('link', type=tarfile.SYMTYPE)
+            link_path = os.path.normpath(self.destdir / "link")
+            link_target = os.readlink(link_path)
+            if os.name == "nt":
+                self.assertEqual(link_target, "relative\\test\\path")
+            else:
+                self.assertEqual(link_target, "relative/test/path")
+
     def test_absolute_hardlink(self):
         # Test hardlink to an absolute path
         # Inspired by 'dirsymlink' in https://github.com/jwilk/traversal-archives
diff --git a/Misc/NEWS.d/next/Library/2025-08-31-22-10-22.gh-issue-57911.N_Ixtv.rst b/Misc/NEWS.d/next/Library/2025-08-31-22-10-22.gh-issue-57911.N_Ixtv.rst
@@ -0,0 +1,3 @@
+When extracting tar files on Windows the path of symlink targets will be
+sanitized to use backward-slashes as path separator because Posix flavoured
+path separators result in corrupted links.

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+When extracting tar files on Windows the path of symlink targets will be`
	`2`	`+sanitized to use backward-slashes as path separator because Posix flavoured`
	`3`	`+path separators result in corrupted links.`