fix: don't follow symlinks when removing junk files #1638
Conversation
|
When is this function |
|
@Narthorn this looks like a good PR, but it never got reviewed / merged. Would you be willing to update this PR to fix the merge conflicts? A lot has happened in torrent.c / torrent.cc since this PR was first submitted 😄 |
ckerr
added
needs update
This prevents accidentally following a symlink that points outside of the torrent's folder and crawling the rest of the drive for junk files to remove. This also prevents symlinks that point to a folder from being treated as real directories, which would cause them to be removed even if the folder they point to is not actually empty. Both issues are especially bad when combined: a symlink to / inside the torrent folder caused transmission to crawl the entire drive and delete every single folder symlink it could find. Oops.
|
Thank you for following up on this, I updated the patch. |
There was a problem hiding this comment.
@Narthorn, clang-tidy wants it to look like this:
--- a/libtransmission/torrent.cc
+++ b/libtransmission/torrent.cc
@@ -2125,7 +2125,8 @@ static void removeEmptyFoldersAndJunkFiles(char const* folder)
auto const filename = tr_strvPath(folder, name);
auto info = tr_sys_path_info{};
- if (tr_sys_path_get_info(filename.c_str(), TR_SYS_PATH_NO_FOLLOW, &info, nullptr) && info.type == TR_SYS_PATH_IS_DIRECTORY)
+ if (tr_sys_path_get_info(filename.c_str(), TR_SYS_PATH_NO_FOLLOW, &info, nullptr) &&
+ info.type == TR_SYS_PATH_IS_DIRECTORY)
{
removeEmptyFoldersAndJunkFiles(filename.c_str());
}and then the Code Style CI bot will be happy.
|
The code style bot should do that itself. It's really not meaningful for humans to spend time doing that. |
|
And it will in a far-far-away future, when code formatters will understand the code structure better than humans do, not requiring any manual fixes after the fact to correct changes in semantics. Until then, setting up clang-format locally is a good-enough tradeoff. |
… (transmission#1638) This prevents accidentally following a symlink that points outside of the torrent's folder and crawling the rest of the drive for junk files to remove. This also prevents symlinks that point to a folder from being treated as real directories, which would cause them to be removed even if the folder they point to is not actually empty.
|
@ckerr as this feels like a security risk, can we get quickly a new official Transmission release to cover that? |
This prevents accidentally following a symlink that points outside of
the torrent's folder and crawling the rest of the drive for junk files
to remove.
This also prevents symlinks that point to a folder from being treated as
real directories, which would cause them to be removed even if the folder
they point to is not actually empty.
Both issues are especially bad when combined: a symlink to / inside the
torrent folder caused transmission to crawl the entire drive and delete
every single folder symlink it could find. Oops.