From 45d7b1a9e9018a2be5add1dc6d983e6b7b339c61 Mon Sep 17 00:00:00 2001
From: Eelco Dolstra <edolstra@gmail.com>
Date: Thu, 11 May 2017 13:26:03 +0200
Subject: LocalStore::addToStore(): Check info.narSize

It allowed the client to specify bogus narSize values. In particular,
Downloader::downloadCached wasn't setting narSize at all.
---
 src/libstore/local-store.cc | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

(limited to 'src/libstore/local-store.cc')

diff --git a/src/libstore/local-store.cc b/src/libstore/local-store.cc
index c8e61126c1b8..ed03c3f425bd 100644
--- a/src/libstore/local-store.cc
+++ b/src/libstore/local-store.cc
@@ -919,8 +919,12 @@ void LocalStore::addToStore(const ValidPathInfo & info, const ref<std::string> &
 
     Hash h = hashString(htSHA256, *nar);
     if (h != info.narHash)
-        throw Error(format("hash mismatch importing path ‘%s’; expected hash ‘%s’, got ‘%s’") %
-            info.path % info.narHash.to_string() % h.to_string());
+        throw Error("hash mismatch importing path ‘%s’; expected hash ‘%s’, got ‘%s’",
+            info.path, info.narHash.to_string(), h.to_string());
+
+    if (nar->size() != info.narSize)
+        throw Error("szie mismatch importing path ‘%s’; expected %s, got %s",
+            info.path, info.narSize, nar->size());
 
     if (requireSigs && !dontCheckSigs && !info.checkSignatures(*this, publicKeys))
         throw Error("cannot add path ‘%s’ because it lacks a valid signature", info.path);
-- 
cgit 1.4.1