From 2c3a8f787ba9da49feafdec4022534184e0a96a3 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Thu, 10 Jul 2014 11:46:01 +0200 Subject: [PATCH] =?UTF-8?q?Fix=20security=20hole=20in=20=E2=80=98nix-store?= =?UTF-8?q?=20--serve=E2=80=99?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Since it didn't check that the path received from the client is a store path, the client could dump any path in the file system. --- src/nix-store/nix-store.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/nix-store/nix-store.cc b/src/nix-store/nix-store.cc index 4fee7258c..5bcb82f32 100644 --- a/src/nix-store/nix-store.cc +++ b/src/nix-store/nix-store.cc @@ -923,7 +923,7 @@ static void opServe(Strings opFlags, Strings opArgs) } break; case cmdSubstitute: - dumpPath(readString(in), out); + dumpPath(readStorePath(in), out); break; default: throw Error(format("unknown serve command `%1%'") % cmd);