From 574b8ba57f60bd2532282c991adf51d2e404cdef Mon Sep 17 00:00:00 2001 From: Demi Marie Obenour Date: Wed, 8 Oct 2025 14:21:08 -0400 Subject: [PATCH] qvm-copy: Allow non-canonical symbolic links These are used in the wild. For instance, Busybox includes symlinks to './busybox' instead of just 'busybox'. Fixes QubesOS/qubes-issues#10308 --- qubes-rpc/qfile-unpacker.c | 2 +- qubes-rpc/qubes-fs-tree-check.c | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/qubes-rpc/qfile-unpacker.c b/qubes-rpc/qfile-unpacker.c index aa14244c..a21c1a5a 100644 --- a/qubes-rpc/qfile-unpacker.c +++ b/qubes-rpc/qfile-unpacker.c @@ -106,7 +106,7 @@ int main(int argc, char ** argv) char *procdir_path; int procfs_fd; int i, ret; - int flags = COPY_ALLOW_SYMLINKS | COPY_ALLOW_DIRECTORIES; + int flags = COPY_ALLOW_SYMLINKS | COPY_ALLOW_DIRECTORIES | COPY_ALLOW_NON_CANONICAL_SYMLINKS; if (argc < 1) errx(EXIT_FAILURE, "NULL argv[0] passed to execve()"); if (argc >= 3 && argv[1][0] >= '0' && argv[1][0] <= '9') { diff --git a/qubes-rpc/qubes-fs-tree-check.c b/qubes-rpc/qubes-fs-tree-check.c index 6c8e790b..8c216837 100644 --- a/qubes-rpc/qubes-fs-tree-check.c +++ b/qubes-rpc/qubes-fs-tree-check.c @@ -146,7 +146,8 @@ process_dirent(const char *d_name, int fd, int flags, const char *name, // charset checks done already, do not repeat them if (qubes_pure_validate_symbolic_link_v2((const uint8_t *)name, (const uint8_t *)buf, - QUBES_PURE_ALLOW_UNSAFE_CHARACTERS) < 0) + QUBES_PURE_ALLOW_UNSAFE_CHARACTERS | + QUBES_PURE_ALLOW_NON_CANONICAL_SYMLINKS) < 0) errx(1, "Refusing to copy unsafe symbolic link %s", escaped); free(buf); return bad;