Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Failure when download path is symlink #188

Open
WhosyVox opened this issue Aug 21, 2023 · 4 comments
Open

Failure when download path is symlink #188

WhosyVox opened this issue Aug 21, 2023 · 4 comments

Comments

@WhosyVox
Copy link

Distribution

Mint 21.2

Package version

1.6.4+victoria

Frequency

Always

Bug description

Warpinator cannot accept incoming files if the download location is a symbolic link. ('Location for received files' within the app)

The exact error returned is:

Resolved path is not a valid child of the save folder: [symlink path]/file -> [real path]/file

This was working in some prior release (within the last few weeks I expect, given when I last used the tool.

Steps to reproduce

  1. Create a symbolic link to some valid directory you have read/write access to
  2. Point Warpinator's download location to the symbolic link path
  3. Attempt to send a file from another device to that instance of Warpinator

Expected behavior

The file should be downloaded successfully.

Additional information

I can see some argument as to whether following symbolic links would be dangerous, as it could allow an attack that leaks file contents out of the chosen download location.

In this case an exception should be made only for the Download directory itself, and not for any nested paths.

Alternatively if this is expected behaviour, there should be a warning or error provided when selecting a symbolic link as a download target.
@WhosyVox
Copy link
Author

I'm thinking this might be related to the 9aae768 commit, but I could be wrong.

@mtwebster
Copy link
Member

What location is the link pointing to?

@Forage
Copy link

Forage commented Sep 14, 2023
edited
Loading

I can confirm this issue occurring with:

  • Ubuntu 23.04
  • Warpinator 1.6.4 (Flatpak)
  • Warpinator 1.6.1 (Android)

A path like /mnt/Data/Downloads/Warpinator in Flatseal and Warpinator works.
A symlink from /home/user/Downloads to /mnt/Data/Downloads followed by /home/user/Downloads/Warpinator as path in Flatseal and Warpinator does not work.

Sending a file from Android to Ubuntu gets cancelled right away.

@WhosyVox
Copy link
Author

WhosyVox commented Sep 14, 2023
edited
Loading

What location is the link pointing to?

The link was originally ~/temp -> /mnt/temp, but, in testing, even ~/temp -> ~/temp2 resulted in the same error.

It appears that at some stage the application checks that the received files are kept within the configured download directory, but compares the path of the symlink against the path the symlink points to.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@mtwebster @Forage @WhosyVox