path fetcher: Fix relative path check

1 files changed, 9 insertions, 4 deletions

diff --git a/src/libfetchers/path.cc b/src/libfetchers/path.cc
index b6fcdac9e..b35c04cfc 100644
--- a/src/libfetchers/path.cc
+++ b/src/libfetchers/path.cc
@@ -85,18 +85,23 @@ struct PathInputScheme : InputScheme
         std::string absPath;
         auto path = getStrAttr(input.attrs, "path");
 
-        if (path[0] != '/' && input.parent) {
+        if (path[0] != '/') {
+            if (!input.parent)
+                throw Error("cannot fetch input '%s' because it uses a relative path", input.to_string());
+
             auto parent = canonPath(*input.parent);
 
             // the path isn't relative, prefix it
-            absPath = canonPath(parent + "/" + path);
+            absPath = nix::absPath(path, parent);
 
             // for security, ensure that if the parent is a store path, it's inside it
-            if (!parent.rfind(store->storeDir, 0) && absPath.rfind(store->storeDir, 0))
-                throw BadStorePath("relative path '%s' points outside of its parent's store path %s, this is a security violation", path, parent);
+            if (store->isInStore(parent) && !isInDir(absPath, parent))
+                throw BadStorePath("relative path '%s' [%s] points outside of its parent's store path '%s'", path, absPath, parent);
         } else
             absPath = path;
 
+        Activity act(*logger, lvlTalkative, actUnknown, fmt("copying '%s'", absPath));
+
         // FIXME: check whether access to 'path' is allowed.
         auto storePath = store->maybeParseStorePath(absPath);