From cca0ccaf97997691c492c490d263d2b98328af65 Mon Sep 17 00:00:00 2001 From: Toshio Kuratomi Date: Wed, 7 Mar 2018 17:14:51 -0800 Subject: [PATCH] Fix unarchive with strip-components in extra_opts (#37048) * Fix unarchive with strip-components in extra_opts When unarchive is given extra_opts to strip all leading directories, it could end up trying to change the permissions on the root directory. Tar archives shouldn't contain absolute paths anyways so make sure that all paths are relative as we handle them. Fixes #21397 --- lib/ansible/modules/files/unarchive.py | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/lib/ansible/modules/files/unarchive.py b/lib/ansible/modules/files/unarchive.py index b21a4d3f26b..44651cf994a 100644 --- a/lib/ansible/modules/files/unarchive.py +++ b/lib/ansible/modules/files/unarchive.py @@ -642,9 +642,17 @@ class TgzArchive(object): for filename in out.splitlines(): # Compensate for locale-related problems in gtar output (octal unicode representation) #11348 # filename = filename.decode('string_escape') - filename = codecs.escape_decode(filename)[0] + filename = to_native(codecs.escape_decode(filename)[0]) + if filename and filename not in self.excludes: - self._files_in_archive.append(to_native(filename)) + # We don't allow absolute filenames. If the user wants to unarchive rooted in "/" + # they need to use "dest: '/'". This follows the defaults for gtar, pax, etc. + # Allowing absolute filenames here also causes bugs: https://github.com/ansible/ansible/issues/21397 + if filename.startswith('/'): + filename = filename[1:] + + self._files_in_archive.append(filename) + return self._files_in_archive def is_unarchived(self): @@ -869,6 +877,7 @@ def main(): # do we need to change perms? for filename in handler.files_in_archive: file_args['path'] = os.path.join(dest, filename) + try: res_args['changed'] = module.set_fs_attributes_if_different(file_args, res_args['changed'], expand=False) except (IOError, OSError) as e: