From cb263f13b151da7676794288b3dc688ea349ec54 Mon Sep 17 00:00:00 2001 From: Demi Marie Obenour Date: Wed, 8 Oct 2025 14:10:24 -0400 Subject: [PATCH] qubes-fs-tree-check: Use relative source path for validation qubes_pure_validate_symbolic_link_v2() checks that the symlink is not to be written to an absolute path. qfile-unpacker correctly passes a relattive path to this function, but qubes-fs-tree-check wrongly passed an absolute path. As a result, operations like 'qvm-copy ~/something' where ~/something contains symlinks are wrongly rejected. Fixes QubesOS/qubes-issues#10284 --- qubes-rpc/qubes-fs-tree-check.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/qubes-rpc/qubes-fs-tree-check.c b/qubes-rpc/qubes-fs-tree-check.c index 6c8e790b1..4f6050132 100644 --- a/qubes-rpc/qubes-fs-tree-check.c +++ b/qubes-rpc/qubes-fs-tree-check.c @@ -287,10 +287,12 @@ int main(int argc, char **argv) size_t bname_len = strlen(bname); if (bname_len < 3 && memcmp("..", bname, bname_len) == 0) errx(1, "Refusing to copy path with basename empty, ., or .."); + if (bname[0] == '/') + errx(1, "Refusing to copy root directory"); int dir_fd = open(dname, O_RDONLY | O_DIRECTORY | O_CLOEXEC | O_NOCTTY); if (dir_fd < 0) err(1, "open(%s)", escaped); - if (process_dirent(bname, dir_fd, flags, argv[i], ignore_symlinks, + if (process_dirent(bname, dir_fd, flags, bname, ignore_symlinks, escaped, &size)) bad = true; free(dup2);