Fix security hole in ‘nix-store --serve’

Since it didn't check that the path received from the client is a store path, the client could dump any path in the file system.
author: Eelco Dolstra <eelco.dolstra@logicblox.com> 2014-07-10T09·46+0200
committer: Eelco Dolstra <eelco.dolstra@logicblox.com> 2014-07-10T09·46+0200
commit: 2c3a8f787ba9da49feafdec4022534184e0a96a3 (patch)
tree: e506e45e5c74cc163e80ef81c5277cb490b3911c /src/nix-store/nix-store.cc
parent: 66dbc0fdeebf509c5d919e9c12b2645136d6deeb (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/src/nix-store/nix-store.cc b/src/nix-store/nix-store.cc
index 4fee7258cb..5bcb82f324 100644
--- a/src/nix-store/nix-store.cc
+++ b/src/nix-store/nix-store.cc
@@ -923,7 +923,7 @@ static void opServe(Strings opFlags, Strings opArgs)
             }
             break;
         case cmdSubstitute:
-            dumpPath(readString(in), out);
+            dumpPath(readStorePath(in), out);
             break;
         default:
             throw Error(format("unknown serve command `%1%'") % cmd);
author	Eelco Dolstra <eelco.dolstra@logicblox.com>	2014-07-10T09·46+0200
committer	Eelco Dolstra <eelco.dolstra@logicblox.com>	2014-07-10T09·46+0200
commit	2c3a8f787ba9da49feafdec4022534184e0a96a3 (patch)
tree	e506e45e5c74cc163e80ef81c5277cb490b3911c /src/nix-store/nix-store.cc
parent	66dbc0fdeebf509c5d919e9c12b2645136d6deeb (diff)