civodul pushed a commit to tag 1.8
in repository guix.
commit 2c3a8f787ba9da49feafdec4022534184e0a96a3
Author: Eelco Dolstra <[email protected]>
Date: Thu Jul 10 11:46:01 2014 +0200
Fix security hole in ‘nix-store --serve’
Since it didn't check that the path received from the client is a
store path, the client could dump any path in the file system.
---
src/nix-store/nix-store.cc | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/src/nix-store/nix-store.cc b/src/nix-store/nix-store.cc
index 4fee725..5bcb82f 100644
--- a/src/nix-store/nix-store.cc
+++ b/src/nix-store/nix-store.cc
@@ -923,7 +923,7 @@ static void opServe(Strings opFlags, Strings opArgs)
}
break;
case cmdSubstitute:
- dumpPath(readString(in), out);
+ dumpPath(readStorePath(in), out);
break;
default:
throw Error(format("unknown serve command `%1%'") % cmd);
