62/118: Be more strict about file names in NARs

guix-commits

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

62/118: Be more strict about file names in NARs

From:	Ludovic Court�s
Subject:	62/118: Be more strict about file names in NARs
Date:	Tue, 19 May 2015 14:45:41 +0000

civodul pushed a commit to branch nix
in repository guix.

commit 985f1595fe9f61095c7bc94b49be1179811ec630
Author: Eelco Dolstra <address@hidden>
Date:   Wed Jul 16 16:30:50 2014 +0200

    Be more strict about file names in NARs
---
 src/libutil/archive.cc |    7 ++++++-
 1 files changed, 6 insertions(+), 1 deletions(-)

diff --git a/src/libutil/archive.cc b/src/libutil/archive.cc
index dfe9653..9dc2ebe 100644
--- a/src/libutil/archive.cc
+++ b/src/libutil/archive.cc
@@ -231,7 +231,7 @@ static void parse(ParseSink & sink, Source & source, const 
Path & path)
         }
 
         else if (s == "entry" && type == tpDirectory) {
-            string name;
+            string name, prevName;
 
             s = readString(source);
             if (s != "(") throw badArchive("expected open tag");
@@ -245,6 +245,11 @@ static void parse(ParseSink & sink, Source & source, const 
Path & path)
                     break;
                 } else if (s == "name") {
                     name = readString(source);
+                    if (name.empty() || name == "." || name == ".." || 
name.find('/') != string::npos || name.find((char) 0) != string::npos)
+                        throw Error(format("NAR contains invalid file name 
`%1%'") % name);
+                    if (name <= prevName)
+                        throw Error("NAR directory is not sorted");
+                    prevName = name;
                     if (useCaseHack) {
                         auto i = names.find(name);
                         if (i != names.end()) {

[Prev in Thread]

Current Thread

[Next in Thread]

42/118: Refactoring: Move all fork handling into a higher-order function, (continued)
- 42/118: Refactoring: Move all fork handling into a higher-order function, Ludovic Court�s, 2015/05/19
- 41/118: nix-copy-closure: Restore compression and the progress viewer, Ludovic Court�s, 2015/05/19
- 54/118: build-remote.pl: Don't keep a shell process around, Ludovic Court�s, 2015/05/19
- 57/118: Manual: Typo, Ludovic Court�s, 2015/05/19
- 53/118: build-remote.pl: Fix build log, Ludovic Court�s, 2015/05/19
- 66/118: nix-daemon: Show name of connecting user, Ludovic Court�s, 2015/05/19
- 58/118: Pass *_proxy vars to bootstrap fetchurl, Ludovic Court�s, 2015/05/19
- 56/118: Remove cruft, Ludovic Court�s, 2015/05/19
- 48/118: Fix broken Pid constructor, Ludovic Court�s, 2015/05/19
- 51/118: build-remote.pl: Use ‘nix-store --serve’ on the remote side, Ludovic Court�s, 2015/05/19
- 62/118: Be more strict about file names in NARs, Ludovic Court�s <=
- 65/118: nix-daemon: Only print connection info if we have SO_PEERCRED, Ludovic Court�s, 2015/05/19
- 72/118: Remove dead code, Ludovic Court�s, 2015/05/19
- 55/118: build-remote.pl: Fix building multiple output derivations, Ludovic Court�s, 2015/05/19
- 59/118: Install systemd and Upstart stuff only on Linux, Ludovic Court�s, 2015/05/19
- 68/118: Ugly hack to fix building on old Darwin, Ludovic Court�s, 2015/05/19
- 64/118: nix-daemon: Fix compat with older clients, Ludovic Court�s, 2015/05/19
- 61/118: Handle case collisions on case-insensitive systems, Ludovic Court�s, 2015/05/19
- 60/118: Make dev-shell script work on Darwin, Ludovic Court�s, 2015/05/19
- 71/118: Revert old useBuildHook behaviour, Ludovic Court�s, 2015/05/19
- 63/118: Get rid of a compiler warning, Ludovic Court�s, 2015/05/19

Prev by Date: 51/118: build-remote.pl: Use ‘nix-store --serve’ on the remote side
Next by Date: 65/118: nix-daemon: Only print connection info if we have SO_PEERCRED
Previous by thread: 51/118: build-remote.pl: Use ‘nix-store --serve’ on the remote side
Next by thread: 65/118: nix-daemon: Only print connection info if we have SO_PEERCRED
Index(es):
- Date
- Thread