maurice/snix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge pull request #2326 from aszlig/fix-symlink-leak

Browse source 
Fix symlink leak in restricted eval mode
This commit is contained in:
Eelco Dolstra 2018-08-03 17:01:34 +02:00 committed by GitHub
commit bc65e02d96
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 21 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

14
src/libexpr/eval.cc
View file

@ -349,19 +349,25 @@ Path EvalState::checkSourcePath(const Path & path_)
bool found = false;
/* First canonicalize the path without symlinks, so we make sure an
* attacker can't append ../../... to a path that would be in allowedPaths
* and thus leak symlink targets.
*/
Path abspath = canonPath(path_);
for (auto & i : *allowedPaths) {
if (isDirOrInDir(path_, i)) {
if (isDirOrInDir(abspath, i)) {
found = true;
break;
}
}
if (!found)
throw RestrictedPathError("access to path '%1%' is forbidden in restricted mode", path_);
throw RestrictedPathError("access to path '%1%' is forbidden in restricted mode", abspath);
/* Resolve symlinks. */
debug(format("checking access to '%s'") % path_);
Path path = canonPath(path_, true);
debug(format("checking access to '%s'") % abspath);
Path path = canonPath(abspath, true);
for (auto & i : *allowedPaths) {
if (isDirOrInDir(path, i)) {