StorePath::new(): Check store directory

nix-rust/src/c.rs

@@ -34,7 +34,8 @@ pub extern "C" fn ffi_StorePath_new(
     path: &str,
     store_dir: &str,
 ) -> Result<StorePath, error::CppException> {
-    StorePath::new(std::path::Path::new(path), store_dir).map_err(|err| err.into())
+    StorePath::new(std::path::Path::new(path), std::path::Path::new(store_dir))
+        .map_err(|err| err.into())
 }
 
 #[no_mangle]

nix-rust/src/error.rs

@@ -4,6 +4,7 @@ use std::fmt;
 pub enum Error {
     InvalidPath(crate::store::StorePath),
     BadStorePath(std::path::PathBuf),
+    NotInStore(std::path::PathBuf),
     BadNarInfo,
     BadBase32,
     StorePathNameEmpty,
@@ -46,6 +47,9 @@ impl fmt::Display for Error {
             Error::InvalidPath(_) => write!(f, "invalid path"),
             Error::BadNarInfo => write!(f, ".narinfo file is corrupt"),
             Error::BadStorePath(path) => write!(f, "path '{}' is not a store path", path.display()),
+            Error::NotInStore(path) => {
+                write!(f, "path '{}' is not in the Nix store", path.display())
+            }
             Error::BadBase32 => write!(f, "invalid base32 string"),
             Error::StorePathNameEmpty => write!(f, "store path name is empty"),
             Error::StorePathNameTooLong => {

nix-rust/src/store/path.rs

@@ -13,8 +13,10 @@ pub const STORE_PATH_HASH_BYTES: usize = 20;
 pub const STORE_PATH_HASH_CHARS: usize = 32;
 
 impl StorePath {
-    pub fn new(path: &Path, _store_dir: &str) -> Result<Self, Error> {
+    pub fn new(path: &Path, store_dir: &Path) -> Result<Self, Error> {
-        // FIXME: check store_dir
+        if path.parent() != Some(store_dir) {
+            return Err(Error::NotInStore(path.into()));
+        }
         Self::new_from_base_name(
             path.file_name()
                 .ok_or(Error::BadStorePath(path.into()))?