From 2c3a8f787ba9da49feafdec4022534184e0a96a3 Mon Sep 17 00:00:00 2001
From: Eelco Dolstra <eelco.dolstra@logicblox.com>
Date: Thu, 10 Jul 2014 11:46:01 +0200
Subject: Fix security hole in ‘nix-store --serve’
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Since it didn't check that the path received from the client is a
store path, the client could dump any path in the file system.
---
 src/nix-store/nix-store.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/nix-store/nix-store.cc')

diff --git a/src/nix-store/nix-store.cc b/src/nix-store/nix-store.cc
index 4fee7258cb94..5bcb82f324fa 100644
--- a/src/nix-store/nix-store.cc
+++ b/src/nix-store/nix-store.cc
@@ -923,7 +923,7 @@ static void opServe(Strings opFlags, Strings opArgs)
             }
             break;
         case cmdSubstitute:
-            dumpPath(readString(in), out);
+            dumpPath(readStorePath(in), out);
             break;
         default:
             throw Error(format("unknown serve command `%1%'") % cmd);
-- 
cgit 1.4.1