fetchClosure: Don't allow URL query parameters

Allowing this is a potential security hole, since it allows the user
to specify parameters like 'local-nar-cache'.
This commit is contained in:
Eelco Dolstra 2022-04-06 11:52:51 +02:00
parent c0ad86f681
commit 589f6f267b
2 changed files with 20 additions and 1 deletions

View file

@ -61,6 +61,12 @@ static void prim_fetchClosure(EvalState & state, const Pos & pos, Value * * args
.errPos = pos
});
if (!parsedURL.query.empty())
throw Error({
.msg = hintfmt("'fetchClosure' does not support URL query parameters (in '%s')", *fromStoreUrl),
.errPos = pos
});
auto fromStore = openStore(parsedURL.to_string());
if (toCA) {
@ -87,7 +93,8 @@ static void prim_fetchClosure(EvalState & state, const Pos & pos, Value * * args
});
}
} else {
copyClosure(*fromStore, *state.store, RealisedPath::Set { *fromPath });
if (!state.store->isValidPath(*fromPath))
copyClosure(*fromStore, *state.store, RealisedPath::Set { *fromPath });
toPath = fromPath;
}

View file

@ -56,3 +56,15 @@ nix copy --to file://$cacheDir $caPath
fromPath = $caPath;
}
") = $caPath ]]
# Check that URL query parameters aren't allowed.
clearStore
narCache=$TEST_ROOT/nar-cache
rm -rf $narCache
(! nix eval -v --raw --expr "
builtins.fetchClosure {
fromStore = \"file://$cacheDir?local-nar-cache=$narCache\";
fromPath = $caPath;
}
")
(! [ -e $narCache ])