gh-57911: Sanitize symlink targets in tarfile on win32 (GH-138309)

2025-12-01 15:24:51 +00:00 · 2025-09-05 16:19:47 +02:00 · 2025-09-05 16:19:47 +02:00 · c1a9c23195
commit c1a9c23195
parent e76464d161
4 changed files with 71 additions and 42 deletions
--- a/Lib/tarfile.py
+++ b/Lib/tarfile.py
@ -2718,7 +2718,13 @@ class TarFile(object):
                if os.path.lexists(targetpath):
                    # Avoid FileExistsError on following os.symlink.
                    os.unlink(targetpath)
-                os.symlink(tarinfo.linkname, targetpath)
+                link_target = tarinfo.linkname
+                if os.name == "nt":
+                    # gh-57911: Posix-flavoured forward-slash path separators in
+                    # symlink targets aren't acknowledged by Windows, resulting
+                    # in corrupted links.
+                    link_target = link_target.replace("/", os.path.sep)
+                os.symlink(link_target, targetpath)
                return
            else:
                if os.path.exists(tarinfo._link_target):