From c13193017fdcb910627698e343c2df4183d91f8f Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Tue, 26 Nov 2019 20:12:15 +0100 Subject: [PATCH] Disallow empty store path names Fixes #3239. --- src/libstore/local-store.cc | 2 ++ src/libstore/store-api.cc | 9 +++++++-- tests/referrers.sh | 4 ++-- 3 files changed, 11 insertions(+), 4 deletions(-) diff --git a/src/libstore/local-store.cc b/src/libstore/local-store.cc index e9dd3f96e..7d127840a 100644 --- a/src/libstore/local-store.cc +++ b/src/libstore/local-store.cc @@ -585,6 +585,8 @@ void LocalStore::checkDerivationOutputs(const Path & drvPath, const Derivation & uint64_t LocalStore::addValidPath(State & state, const ValidPathInfo & info, bool checkOutputs) { + checkStoreName(storePathToName(info.path)); + if (info.ca != "" && !info.isContentAddressed(*this)) throw Error("cannot add path '%s' to the Nix store because it claims to be content-addressed but isn't", info.path); diff --git a/src/libstore/store-api.cc b/src/libstore/store-api.cc index 54430d3ba..0758907e7 100644 --- a/src/libstore/store-api.cc +++ b/src/libstore/store-api.cc @@ -90,17 +90,22 @@ void checkStoreName(const string & name) "Path names are alphanumeric and can include the symbols %1% " "and must not begin with a period. " "Note: If '%2%' is a source file and you cannot rename it on " - "disk, builtins.path { name = ... } can be used to give it an " + "disk, 'builtins.path { name = ... }' can be used to give it an " "alternative name.") % validChars % name; + if (name.empty()) + throw Error(baseError % "it is an empty string"); + /* Disallow names starting with a dot for possible security reasons (e.g., "." and ".."). */ - if (string(name, 0, 1) == ".") + if (name[0] == '.') throw Error(baseError % "it is illegal to start the name with a period"); + /* Disallow names longer than 211 characters. ext4’s max is 256, but we need extra space for the hash and .chroot extensions. */ if (name.length() > 211) throw Error(baseError % "name must be less than 212 characters"); + for (auto & i : name) if (!((i >= 'A' && i <= 'Z') || (i >= 'a' && i <= 'z') || diff --git a/tests/referrers.sh b/tests/referrers.sh index 8ab8e5ddf..614dd8f5b 100644 --- a/tests/referrers.sh +++ b/tests/referrers.sh @@ -4,9 +4,9 @@ clearStore max=500 -reference=$NIX_STORE_DIR/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa +reference=$NIX_STORE_DIR/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-bla touch $reference -(echo $reference && echo && echo 0) | nix-store --register-validity +(echo $reference && echo && echo 0) | nix-store --register-validity echo "making registration..."