Prevent an injection attack in passing untrusted options to substituters

This commit is contained in:
Eelco Dolstra 2012-07-31 18:50:32 -04:00
parent 90d9c58d4d
commit eb7849e3a2

View file

@ -188,6 +188,10 @@ string Settings::pack()
{
string s;
foreach (SettingsMap::iterator, i, settings) {
if (i->first.find('\n') != string::npos ||
i->first.find('=') != string::npos ||
i->second.find('\n') != string::npos)
throw Error("illegal option name/value");
s += i->first; s += '='; s += i->second; s += '\n';
}
return s;