From 45d7b1a9e9018a2be5add1dc6d983e6b7b339c61 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Thu, 11 May 2017 13:26:03 +0200 Subject: LocalStore::addToStore(): Check info.narSize It allowed the client to specify bogus narSize values. In particular, Downloader::downloadCached wasn't setting narSize at all. --- src/libstore/download.cc | 1 + src/libstore/local-store.cc | 8 ++++++-- 2 files changed, 7 insertions(+), 2 deletions(-) (limited to 'src/libstore') diff --git a/src/libstore/download.cc b/src/libstore/download.cc index 4d502219ed86..93519ec663a7 100644 --- a/src/libstore/download.cc +++ b/src/libstore/download.cc @@ -652,6 +652,7 @@ Path Downloader::downloadCached(ref store, const string & url_, bool unpa Hash hash = hashString(expectedHash ? expectedHash.type : htSHA256, *res.data); info.path = store->makeFixedOutputPath(false, hash, name); info.narHash = hashString(htSHA256, *sink.s); + info.narSize = sink.s->size(); info.ca = makeFixedOutputCA(false, hash); store->addToStore(info, sink.s, false, true); storePath = info.path; diff --git a/src/libstore/local-store.cc b/src/libstore/local-store.cc index c8e61126c1b8..ed03c3f425bd 100644 --- a/src/libstore/local-store.cc +++ b/src/libstore/local-store.cc @@ -919,8 +919,12 @@ void LocalStore::addToStore(const ValidPathInfo & info, const ref & Hash h = hashString(htSHA256, *nar); if (h != info.narHash) - throw Error(format("hash mismatch importing path ‘%s’; expected hash ‘%s’, got ‘%s’") % - info.path % info.narHash.to_string() % h.to_string()); + throw Error("hash mismatch importing path ‘%s’; expected hash ‘%s’, got ‘%s’", + info.path, info.narHash.to_string(), h.to_string()); + + if (nar->size() != info.narSize) + throw Error("szie mismatch importing path ‘%s’; expected %s, got %s", + info.path, info.narSize, nar->size()); if (requireSigs && !dontCheckSigs && !info.checkSignatures(*this, publicKeys)) throw Error("cannot add path ‘%s’ because it lacks a valid signature", info.path); -- cgit 1.4.1