lix-project/lix
20
55
Fork 31
Code Issues 344 Code Review (Gerrit) Projects 3 Releases Wiki Activity

bugfix: Adding depth limit to resolveExprPath

Browse source 
There is no termination condition for evaluation of cyclical
expression paths which can lead to infinite loops. This addresses
one spot in the parser in a similar fashion as utils.cc/canonPath
does.

This issue can be reproduced by something like:

```
ln -s a b
ln -s b a

nix-instantiate -E 'import ./a'
```
This commit is contained in:
Dima 2019-12-13 14:44:14 +01:00
parent 3e787423c2
commit d89d9958a7
1 changed files with 5 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
src/libexpr/parser.y
View file

@ -576,10 +576,15 @@ Path resolveExprPath(Path path)
{ {
assert(path[0] == '/'); assert(path[0] == '/');
unsigned int followCount = 0, maxFollow = 1024;
/* If `path' is a symlink, follow it. This is so that relative /* If `path' is a symlink, follow it. This is so that relative
path references work. */ path references work. */
struct stat st; struct stat st;
while (true) { while (true) {
// Basic cycle/depth limit to avoid infinite loops.
if (++followCount >= maxFollow)
throw Error(format("can't resolve expression. infinite symlink recursion in path '%1%'") % path);
if (lstat(path.c_str(), &st)) if (lstat(path.c_str(), &st))
throw SysError(format("getting status of '%1%'") % path); throw SysError(format("getting status of '%1%'") % path);
if (!S_ISLNK(st.st_mode)) break; if (!S_ISLNK(st.st_mode)) break;