Add tests for invalid file names in NARs

Note: in general, we rely on the OS to tell us if a name is invalid or if two names normalize in the same way. But for security, we do want to make sure that we catch '.', '..', slashes and NUL characters. (NUL characters aren't really a security issue, but since they would be truncated when we pass them to the OS, it would be canonicity problem.)
2024-11-15 02:36:16 +02:00 · 2024-09-12 14:58:33 +02:00 · 2024-09-12 14:58:33 +02:00 · 421aa1add1
commit 421aa1add1
parent 48477d4a3e
6 changed files with 20 additions and 0 deletions
--- a/tests/functional/dot.nar
+++ b/tests/functional/dot.nar
--- a/tests/functional/dotdot.nar
+++ b/tests/functional/dotdot.nar
--- a/tests/functional/empty.nar
+++ b/tests/functional/empty.nar
--- a/tests/functional/nars.sh
+++ b/tests/functional/nars.sh
@ -92,3 +92,23 @@ else
    [[ -e $TEST_ROOT/out/â ]]
    [[ -e $TEST_ROOT/out/â ]]
 fi
+
+# Unpacking a NAR with a NUL character in a file name should fail.
+rm -rf "$TEST_ROOT/out"
+expectStderr 1 nix-store --restore "$TEST_ROOT/out" < nul.nar | grepQuiet "NAR contains invalid file name 'f"
+
+# Likewise for a '.' filename.
+rm -rf "$TEST_ROOT/out"
+expectStderr 1 nix-store --restore "$TEST_ROOT/out" < dot.nar | grepQuiet "NAR contains invalid file name '.'"
+
+# Likewise for a '..' filename.
+rm -rf "$TEST_ROOT/out"
+expectStderr 1 nix-store --restore "$TEST_ROOT/out" < dotdot.nar | grepQuiet "NAR contains invalid file name '..'"
+
+# Likewise for a filename containing a slash.
+rm -rf "$TEST_ROOT/out"
+expectStderr 1 nix-store --restore "$TEST_ROOT/out" < slash.nar | grepQuiet "NAR contains invalid file name 'x/y'"
+
+# Likewise for an empty filename.
+rm -rf "$TEST_ROOT/out"
+expectStderr 1 nix-store --restore "$TEST_ROOT/out" < empty.nar | grepQuiet "NAR contains invalid file name ''"
--- a/tests/functional/nul.nar
+++ b/tests/functional/nul.nar
--- a/tests/functional/slash.nar
+++ b/tests/functional/slash.nar