From 2d687e068abaa3ca876c33361a7b2befa2ccdf0e Mon Sep 17 00:00:00 2001 From: Ryan Lahfa Date: Sat, 19 Aug 2023 19:00:11 +0200 Subject: fix(tvix/nix-compat): disallow empty derivation names Yes: ``` $ nix-build -E 'derivation { name = ""; builder = "/bin/sh"; system = "x86_64-linux"; }' error: store path 'nr7i5pf18hw2zg487vkdyrbasdqylfcj-' has an empty name ``` Change-Id: I552f9ed1c1fe3bfceca18ca9b8e13d4b06dc6ff7 Reviewed-on: https://cl.tvl.fyi/c/depot/+/9108 Reviewed-by: flokli Tested-by: BuildkiteCI --- tvix/nix-compat/src/store_path/mod.rs | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/tvix/nix-compat/src/store_path/mod.rs b/tvix/nix-compat/src/store_path/mod.rs index 781e32932563..0ed6b2ba0754 100644 --- a/tvix/nix-compat/src/store_path/mod.rs +++ b/tvix/nix-compat/src/store_path/mod.rs @@ -151,6 +151,16 @@ impl StorePath { /// Checks a given &[u8] to match the restrictions for store path names, and /// returns the name as string if successful. pub(crate) fn validate_name(s: &[u8]) -> Result { + // Empty names are not allowed. + if s.is_empty() { + return Err(Error::InvalidLength()); + } + + // First character cannot be a period + if s[0] == b'.' { + return Err(Error::InvalidName(s.to_vec(), 0)); + } + for (i, c) in s.iter().enumerate() { if c.is_ascii_alphanumeric() || *c == b'-' -- cgit 1.4.1