diff options
author | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2012-07-31T22·50-0400 |
---|---|---|
committer | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2012-07-31T22·50-0400 |
commit | eb7849e3a281511a59abf72ae5c3133f903bbaab (patch) | |
tree | 27e091b609c38c7252d86961ed9564ca5d180f37 /src/libstore | |
parent | 90d9c58d4dabb370849cd523fb9ee471e8140b76 (diff) |
Prevent an injection attack in passing untrusted options to substituters
Diffstat (limited to 'src/libstore')
-rw-r--r-- | src/libstore/globals.cc | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/libstore/globals.cc b/src/libstore/globals.cc index bfb40a07a237..c75ebdd0e36b 100644 --- a/src/libstore/globals.cc +++ b/src/libstore/globals.cc @@ -188,6 +188,10 @@ string Settings::pack() { string s; foreach (SettingsMap::iterator, i, settings) { + if (i->first.find('\n') != string::npos || + i->first.find('=') != string::npos || + i->second.find('\n') != string::npos) + throw Error("illegal option name/value"); s += i->first; s += '='; s += i->second; s += '\n'; } return s; |