Prevent an injection attack in passing untrusted options to substituters

Eelco Dolstra 2012-07-31 18:50:32 -04:00
parent 90d9c58d4d
commit eb7849e3a2
1 changed files with 4 additions and 0 deletions


@ -188,6 +188,10 @@ string Settings::pack()
{
string s;
foreach (SettingsMap::iterator, i, settings) {
if (i->first.find('\n') != string::npos ||
i->first.find('=') != string::npos ||
i->second.find('\n') != string::npos)
throw Error("illegal option name/value");
s += i->first; s += '='; s += i->second; s += '\n';
}
return s;
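Review bot: The new check in the `foreach` loop of `Settings::pack()` enforces an invariant of the packed format without stating it, so a later change to the separator or the encoding could quietly drop the protection. I would add a comment above the `if`, such as `// Packed form is one "name=value" line per setting; reject any name or value that could be parsed as an extra setting by the receiver.` An empty option name still passes the check and is emitted as `=value`. Whether the receiving side tolerates that is not visible here, so it may be worth also rejecting `i->first.empty()`. Because the check throws only at serialization time, a bad option is detected late; validating where untrusted options are first accepted (not shown on this page) would fail earlier and keep `settings` clean. The function's closing brace lies outside the hunk.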