From 20a61371de5b51380bbdb0c7935b30b0625ac227 Mon Sep 17 00:00:00 2001
From: Adin Schmahmann
Date: Tue, 1 Dec 2020 13:18:14 -0500
Subject: [PATCH] more closely match default tar errors (GNU + BSD binaries)
---
 extractor.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/extractor.go b/extractor.go
index 0088c71..7266dde 100644
--- a/extractor.go
+++ b/extractor.go
@@ -104,7 +104,12 @@ func (te *Extractor) Sanitize(toggle bool) {
 
 // outputPath returns the path at which to place tarPath
 func (te *Extractor) outputPath(tarPath string) (outPath string, err error) {
- elems := strings.Split(tarPath, "/") // break into elems
+ elems := strings.Split(tarPath, "/") // break into elems
+ for _, e := range elems {
+ if e == ".." {
+ return "", fmt.Errorf("%s : path contains '..'", tarPath)
+ }
+ }
 elems = elems[1:] // remove original root
 outPath = strings.Join(elems, "/") // join elems
 outPath = gopath.Join(te.Path, outPath) // rebase on to extraction target root
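Review bot: The new loop in outputPath only recognises `..` in elements split on `/`, so an entry name that uses `\` as its separator is never split and passes the check unchanged; that matters if the extractor runs on Windows, where the later file creation (outside this hunk) would presumably treat `\` as a path separator. A containment check on the result is the more robust guard: after the `gopath.Join` line, confirm that outPath is te.Path itself or lies beneath it, and return the same error otherwise. The check also covers entry names only; if link targets are handled elsewhere in extractor.go they need their own validation, which this hunk does not show. The doc comment should state the contract, e.g. `// outputPath returns the path at which to place tarPath; it rejects any tarPath that contains a ".." element.` The function body continues past the end of the hunk.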