From afade05e2a38a01b59d2a02da36faada5ebdb4fe Mon Sep 17 00:00:00 2001 From: Demi Marie Obenour Date: Thu, 25 Apr 2024 21:19:07 -0400 Subject: [PATCH] Better error message for forbidden symbolic links The error message is not great, but at least it is not actively misleading anymore. Will fix QubesOS/qubes-issues#8581 once this is used by qfile-unpacker and qfile-agent. --- qrexec-lib/pack.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/qrexec-lib/pack.c b/qrexec-lib/pack.c index 5481e73d..29a8ee0d 100644 --- a/qrexec-lib/pack.c +++ b/qrexec-lib/pack.c @@ -107,6 +107,18 @@ void wait_for_result(void) case EINVAL: call_error_handler("File copy: Corrupted data from packer%s\"%s\"", last_filename_prefix, last_filename); break; + case EILSEQ: + // FIXME: the sanitized filename is not useful here, but the unsanitized filename + // is dangerous (which is likely why it was rejected in the first place!). + call_error_handler("Forbidden character in file or link target"); + break; + case ENOLINK: + // FIXME: the protocol only provides the name of the file, not what it points to. + // FIXME: This assumes that a symlink target was rejected, not a path. However, + // this code should only produces valid paths, so if an invalid path gets sent, + // that's a bug. + call_error_handler("Cannot verify that link at \"%s\" would not be broken by copy", last_filename); + break; case EDQUOT: if (ignore_quota_error) { /* skip also CRC check as sender and receiver might be