diff options
author | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2014-07-10 11:46:01 +0200 |
---|---|---|
committer | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2014-07-10 11:46:01 +0200 |
commit | 2c3a8f787ba9da49feafdec4022534184e0a96a3 (patch) | |
tree | e506e45e5c74cc163e80ef81c5277cb490b3911c /src/nix-store | |
parent | 66dbc0fdeebf509c5d919e9c12b2645136d6deeb (diff) | |
download | guix-2c3a8f787ba9da49feafdec4022534184e0a96a3.tar.gz |
Fix security hole in ‘nix-store --serve’
Since it didn't check that the path received from the client is a store path, the client could dump any path in the file system.
Diffstat (limited to 'src/nix-store')
-rw-r--r-- | src/nix-store/nix-store.cc | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/nix-store/nix-store.cc b/src/nix-store/nix-store.cc index 4fee7258cb..5bcb82f324 100644 --- a/src/nix-store/nix-store.cc +++ b/src/nix-store/nix-store.cc @@ -923,7 +923,7 @@ static void opServe(Strings opFlags, Strings opArgs) } break; case cmdSubstitute: - dumpPath(readString(in), out); + dumpPath(readStorePath(in), out); break; default: throw Error(format("unknown serve command `%1%'") % cmd); |