edef 9a8a9c6b67 fix(nix-daemon): ensure Framed NARs are read exactly
This prevents framing confusion, which would otherwise lead to a
trivial confused deputy attack. See issue #120.

The NixFramedReader state machine has been refactored to simplify
its internal logic and accurately account for EOF conditions.

End-of-stream is fused, and unexpected EOF on the underlying reader
is returned as UnexpectedEof, though we don't fuse those ourselves.

We also ensure that the underlying reader does not swap the ReadBuf;
this would otherwise supply a primitive for converting uninitialised
mutable memory into `&mut [u8]` without initialisation, thus allowing
undefined behaviour to be triggered from safe code.

Change-Id: I05ddb7e3ca57b3363f56c0d9b43d5a641748ca36
Reviewed-on: https://cl.snix.dev/c/snix/+/30380
Reviewed-by: Brian Olsen <brian@maven-group.org>
Tested-by: besadii
Reviewed-by: Florian Klink <flokli@flokli.de>
2025-05-09 17:15:28 +00:00
.gcroots feat(.envrc): gcroot third_party.sources 2022-09-15 11:27:53 +00:00
.nixery chore(3p/sources): bump to OpenSSH vulnerability hotfix 2024-07-01 17:42:30 +00:00
contrib chore(tracing): upgrade to 2024 edition 2025-05-02 22:33:47 +00:00
fun/clbot refactor(fun/clbot): drop changeShouldBeSkipped functionality 2025-03-21 16:36:29 +00:00
nix chore: Remove buildGo and supporting infrastructure 2025-03-21 09:58:25 +00:00
ops refactor(ops/machines/snix-cache): use new snix.store domain 2025-05-07 21:03:57 +00:00
snix fix(nix-daemon): ensure Framed NARs are read exactly 2025-05-09 17:15:28 +00:00
third_party feat(ops/modules/www/git.snix.dev): block AI scrapers 2025-05-01 14:57:44 +00:00
tools fix(tools/depotfmt.nix): double specification of edition 2025-04-30 08:42:36 +00:00
web docs(web/docs): collapse some more indexes 2025-05-08 13:57:15 +00:00
.editorconfig feat(editorconfig): add global editorconfig 2025-03-19 11:35:35 +00:00
.envrc chore: fix unreleased direnv bug 2025-04-09 22:39:01 +00:00
.git-blame-ignore-revs fix: add cl/4397 (treewide nixpkgs-fmt) to git-blame-ignore-revs 2022-02-07 18:15:09 +00:00
.gitignore chore: add .direnv to gitignore 2025-04-12 18:12:35 +00:00
.gitreview chore: Introduce .gitreview file 2024-08-31 13:05:23 +00:00
.hgignore chore(hgignore): ignore .git for hg 2020-06-14 18:23:13 +00:00
.mailmap chore(mailmap): add edef 2025-04-01 18:47:29 +00:00
.rgignore chore: Only exclude //third_party/git from ripgrep 2020-05-17 23:58:22 +01:00
buf.gen.yaml fix(treewide): add missing final newlines 2025-03-21 13:33:32 +00:00
buf.yaml chore(buf): Use nixpkgs-provided buf 2022-10-21 18:39:03 +00:00
default.nix fix(default.nix): drop usersFilter 2025-03-20 12:21:44 +00:00
LICENSE feat(LICENSE): add Snix Project 2025-03-17 12:45:09 +00:00
OWNERS chore: update OWNERS 2025-03-20 12:21:43 +00:00
README.md chore(*): drop everything that is not required for Tvix 2025-03-17 16:18:26 +00:00
RULES feat(whitby): Let sterni bear the wheel 2021-05-23 19:06:15 +00:00
rustfmt.toml feat(depotfmt): Check & format Rust code with rustfmt 2022-02-08 12:06:39 +00:00

Snix is a modern Rust re-implementation of the components of the Nix package manager.

For more information, check out the website, hosted at snix.dev, which is also available in the web/ subdirectory of this repository.