diff options
author | edef <edef@edef.eu> | 2023-10-27T11·25+0000 |
---|---|---|
committer | edef <edef@edef.eu> | 2023-10-27T13·56+0000 |
commit | 36f2b69de59ddd9f64c1f37c9ef1422661643245 (patch) | |
tree | 612d60fe7ccf98964986b03483fe20cde9de18fe | |
parent | 99a61def17edbd77795efd2fda9e557b2cfef571 (diff) |
fix(tvix/nix-compat): validate store path name length r/6887
Change-Id: I89ac0ad147a1872c021ab4235ca46ef3f51d0446 Reviewed-on: https://cl.tvl.fyi/c/depot/+/9854 Tested-by: BuildkiteCI Reviewed-by: flokli <flokli@flokli.de>
-rw-r--r-- | tvix/nix-compat/src/store_path/mod.rs | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/tvix/nix-compat/src/store_path/mod.rs b/tvix/nix-compat/src/store_path/mod.rs index e75d900ce006..c1df442adc89 100644 --- a/tvix/nix-compat/src/store_path/mod.rs +++ b/tvix/nix-compat/src/store_path/mod.rs @@ -164,8 +164,8 @@ impl StorePath { /// Checks a given &[u8] to match the restrictions for [StorePath::name], and /// returns the name as string if successful. pub(crate) fn validate_name(s: &[u8]) -> Result<String, Error> { - // Empty names are not allowed. - if s.is_empty() { + // Empty or excessively long names are not allowed. + if s.is_empty() || s.len() > 211 { return Err(Error::InvalidLength()); } @@ -247,6 +247,17 @@ mod tests { } #[test] + fn empty_name() { + StorePath::from_bytes(b"00bgd045z0d4icpbc2yy-").expect_err("must fail"); + } + + #[test] + fn excessive_length() { + StorePath::from_bytes(b"00bgd045z0d4icpbc2yy-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") + .expect_err("must fail"); + } + + #[test] fn invalid_hash_length() { StorePath::from_bytes(b"00bgd045z0d4icpbc2yy-net-tools-1.60_p20170221182432") .expect_err("must fail"); |