authorEelco Dolstra <eelco.dolstra@logicblox.com>2012-07-31 18:50:32 -0400
committerEelco Dolstra <eelco.dolstra@logicblox.com>2012-07-31 18:50:32 -0400
commiteb7849e3a281511a59abf72ae5c3133f903bbaab (patch)
tree27e091b609c38c7252d86961ed9564ca5d180f37 /src
parent90d9c58d4dabb370849cd523fb9ee471e8140b76 (diff)
Prevent an injection attack in passing untrusted options to substituters
Diffstat (limited to 'src')
-rw-r--r--src/libstore/globals.cc4
1 files changed, 4 insertions, 0 deletions
diff --git a/src/libstore/globals.cc b/src/libstore/globals.cc
index bfb40a07a..c75ebdd0e 100644
--- a/src/libstore/globals.cc
+++ b/src/libstore/globals.cc
@@ -188,6 +188,10 @@ string Settings::pack()
{
string s;
foreach (SettingsMap::iterator, i, settings) {
+ if (i->first.find('\n') != string::npos ||
+ i->first.find('=') != string::npos ||
+ i->second.find('\n') != string::npos)
+ throw Error("illegal option name/value");
s += i->first; s += '='; s += i->second; s += '\n';
}
return s;
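Review bot: The guard added inside the `foreach` loop rejects only `\n` and `=`, so a name or value containing a NUL byte is still packed. If the packed string reaches substituters through a C-string interface such as an environment variable (not visible in this hunk), everything after that byte would be silently dropped. Consider extending the condition with `i->first.find('\0') != string::npos || i->second.find('\0') != string::npos`, and adding `i->first.empty()` so an empty name cannot serialise as a line that starts with `=`. The message `"illegal option name/value"` does not say which setting was refused, and a one-line comment above the check such as `// settings may come from an untrusted client; '=' and '\n' frame the packed format` would record why these bytes are forbidden. The closing brace of Settings::pack() lies outside the hunk.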