lix-project/lix
20
55
Fork 31
Code Issues 344 Code Review (Gerrit) Projects 3 Releases Wiki Activity

checkURI(): Check file URIs against allowedPaths

Browse source 
This makes e.g. 'fetchGit ./.' work (assuming that ./. is an allowed
path).
This commit is contained in:
Eelco Dolstra 2018-02-06 14:35:14 +01:00
parent f539085e65
commit f24e726ba5
No known key found for this signature in database
GPG key ID: 8170B4726D7198DE
1 changed files with 12 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
src/libexpr/eval.cc
View file

@ -378,6 +378,18 @@ void EvalState::checkURI(const std::string & uri)
&& (prefix[prefix.size() - 1] == '/' || uri[prefix.size()] == '/')))
return;
/* If the URI is a path, then check it against allowedPaths as
well. */
if (hasPrefix(uri, "/")) {
checkSourcePath(uri);
return;
}
if (hasPrefix(uri, "file://")) {
checkSourcePath(std::string(uri, 7));
return;
}
throw RestrictedPathError("access to URI '%s' is forbidden in restricted mode", uri);
}