fix: circular symlink detection and root ownership preservation

rgarcia · rgarcia · commit e893d9062ca5 · 2025-12-23T04:47:44.000Z
- Add cycle detection for directory copies when following symlinks
- Track visited directories by resolved absolute path to prevent infinite recursion
- Remove (uid != 0 || gid != 0) check from archive mode chown calls
- Now properly preserves root:root ownership in archive mode
diff --git a/lib/cp.go b/lib/cp.go
@@ -137,6 +137,11 @@ type cpError struct {
 //	    DstPath:    "/app/file.txt",
 //	})
 func CpToInstance(ctx context.Context, cfg CpConfig, opts CpToInstanceOptions) error {
+	return cpToInstanceInternal(ctx, cfg, opts, nil)
+}
+
+// cpToInstanceInternal is the internal implementation that accepts visitedDirs for cycle detection
+func cpToInstanceInternal(ctx context.Context, cfg CpConfig, opts CpToInstanceOptions, visitedDirs map[string]bool) error {
 	// Build WebSocket URL
 	wsURL, err := buildWsURL(cfg.BaseURL, opts.InstanceID)
 	if err != nil {
@@ -200,7 +205,16 @@ func CpToInstance(ctx context.Context, cfg CpConfig, opts CpToInstanceOptions) e
 	}
 
 	if srcInfo.IsDir() {
-		return copyDirToWs(ctx, cfg, ws, opts.SrcPath, opts.DstPath, opts.InstanceID, opts.Archive, opts.FollowLinks, opts.Dialer, opts.Callbacks)
+		// Track visited directories to detect symlink cycles
+		if visitedDirs == nil {
+			visitedDirs = make(map[string]bool)
+		}
+		absPath, _ := filepath.Abs(opts.SrcPath)
+		absPath, _ = filepath.EvalSymlinks(absPath)
+		if !visitedDirs[absPath] {
+			visitedDirs[absPath] = true
+		}
+		return copyDirToWs(ctx, cfg, ws, opts.SrcPath, opts.DstPath, opts.InstanceID, opts.Archive, opts.FollowLinks, opts.Dialer, opts.Callbacks, visitedDirs)
 	}
 	return copyFileToWs(ws, opts.SrcPath, srcInfo.Size(), opts.Callbacks)
 }
@@ -286,7 +300,7 @@ func copyFileToWs(ws WsConn, srcPath string, size int64, callbacks *CpCallbacks)
 }
 
 // copyDirToWs copies a directory to the WebSocket
-func copyDirToWs(ctx context.Context, cfg CpConfig, ws WsConn, srcPath, dstPath, instanceID string, archive, followLinks bool, dialer WsDialer, callbacks *CpCallbacks) error {
+func copyDirToWs(ctx context.Context, cfg CpConfig, ws WsConn, srcPath, dstPath, instanceID string, archive, followLinks bool, dialer WsDialer, callbacks *CpCallbacks, visitedDirs map[string]bool) error {
 	// For directory copy, we just send the end marker
 	// The server will create the directory
 	endMsg, _ := json.Marshal(map[string]string{"type": "end"})
@@ -348,6 +362,28 @@ func copyDirToWs(ctx context.Context, cfg CpConfig, ws WsConn, srcPath, dstPath,
 			return fmt.Errorf("info: %w", err)
 		}
 
+		// Check for symlink cycles when following links
+		if followLinks && info.Mode()&fs.ModeSymlink != 0 {
+			// Resolve the symlink to its real path
+			realPath, err := filepath.EvalSymlinks(walkPath)
+			if err != nil {
+				// If we can't resolve the symlink, skip it (might be broken)
+				return nil
+			}
+			realInfo, err := os.Stat(realPath)
+			if err != nil {
+				return nil // Skip broken symlinks
+			}
+			// If it's a directory symlink, check for cycles
+			if realInfo.IsDir() {
+				if visitedDirs[realPath] {
+					// Cycle detected, skip this symlink to prevent infinite recursion
+					return nil
+				}
+				visitedDirs[realPath] = true
+			}
+		}
+
 		// Determine the mode to use
 		// For symlinks: if following links, let CpToInstance auto-detect from target
 		// (symlinks show 0777 but that's not the target's actual mode)
@@ -360,7 +396,7 @@ func copyDirToWs(ctx context.Context, cfg CpConfig, ws WsConn, srcPath, dstPath,
 
 		// For each file/dir, we need a new WebSocket connection
 		// This is because the protocol is one-file-per-connection
-		return CpToInstance(ctx, cfg, CpToInstanceOptions{
+		return cpToInstanceInternal(ctx, cfg, CpToInstanceOptions{
 			InstanceID:  instanceID,
 			SrcPath:     walkPath,
 			DstPath:     targetPath,
@@ -369,7 +405,7 @@ func copyDirToWs(ctx context.Context, cfg CpConfig, ws WsConn, srcPath, dstPath,
 			FollowLinks: followLinks,
 			Dialer:      dialer,
 			Callbacks:   callbacks,
-		})
+		}, visitedDirs)
 	})
 }
 
@@ -477,7 +513,7 @@ func CpFromInstance(ctx context.Context, cfg CpConfig, opts CpFromInstanceOption
 						return fmt.Errorf("create directory %s: %w", targetPath, err)
 					}
 					// Apply ownership if archive mode
-					if opts.Archive && (header.Uid != 0 || header.Gid != 0) {
+					if opts.Archive {
 						os.Chown(targetPath, int(header.Uid), int(header.Gid))
 					}
 			} else if header.IsSymlink {
@@ -494,7 +530,7 @@ func CpFromInstance(ctx context.Context, cfg CpConfig, opts CpFromInstanceOption
 					return fmt.Errorf("create symlink %s: %w", targetPath, err)
 				}
 					// Apply ownership if archive mode (use Lchown for symlinks)
-					if opts.Archive && (header.Uid != 0 || header.Gid != 0) {
+					if opts.Archive {
 						os.Lchown(targetPath, int(header.Uid), int(header.Gid))
 					}
 				} else {
@@ -528,7 +564,7 @@ func CpFromInstance(ctx context.Context, cfg CpConfig, opts CpFromInstanceOption
 							os.Chtimes(targetPath, mtime, mtime)
 						}
 						// Apply ownership if archive mode
-						if opts.Archive && (currentHeader.Uid != 0 || currentHeader.Gid != 0) {
+						if opts.Archive {
 							os.Chown(targetPath, int(currentHeader.Uid), int(currentHeader.Gid))
 						}
 						// Notify file end
