Fix a bug reported by Ulf Harnhammar:
gzip: dir traversal bug when using "gunzip -N"

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=305255
http://bugs.gentoo.org/show_bug.cgi?id=89946

Patch by Mike Frysinger

--- gzip.c
+++ gzip.c
@@ -1319,6 +1319,19 @@
                 char *base = p;
 		for (;;) {
 		    *p = (char)get_char();
+
+		    /* Don't allow embedded names to contain paths. */
+		    if (*p == PATH_SEP
+#ifdef PATH_SEP2
+			|| *p == PATH_SEP2
+#endif
+#ifdef PATH_SEP3
+			|| *p == PATH_SEP3
+#endif
+		    ) {
+			p = base;
+			continue;
+		    }
 		    if (*p++ == '\0') break;
 		    if (p >= ofname+sizeof(ofname)) {
 			error("corrupted input -- file name too large");