maurice/snix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Prevent an injection attack in passing untrusted options to substituters

Browse source
This commit is contained in:
Eelco Dolstra 2012-07-31 18:50:32 -04:00
parent 90d9c58d4d
commit eb7849e3a2
1 changed files with 4 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

4
src/libstore/globals.cc
View file

@ -188,6 +188,10 @@ string Settings::pack()
{ {
string s; string s;
foreach (SettingsMap::iterator, i, settings) { foreach (SettingsMap::iterator, i, settings) {
if (i->first.find('\n') != string::npos ||
i->first.find('=') != string::npos ||
i->second.find('\n') != string::npos)
throw Error("illegal option name/value");
s += i->first; s += '='; s += i->second; s += '\n'; s += i->first; s += '='; s += i->second; s += '\n';
} }
return s; return s;