diff options
| author | Michael Raskin <7c6f434c@mail.ru> | 2014-12-17 21:49:02 +0300 |
|---|---|---|
| committer | Michael Raskin <7c6f434c@mail.ru> | 2014-12-17 21:49:18 +0300 |
| commit | 6c91f23ca5e4b3054a634d39f746a0d6e9cd1223 (patch) | |
| tree | b48caa831ada0292b234211049b1d239aa8d3b03 /pkgs/servers | |
| parent | 52dde68a8511c687b23e5c34cd528d5e66c6e740 (diff) | |
| download | nixlib-6c91f23ca5e4b3054a634d39f746a0d6e9cd1223.tar nixlib-6c91f23ca5e4b3054a634d39f746a0d6e9cd1223.tar.gz nixlib-6c91f23ca5e4b3054a634d39f746a0d6e9cd1223.tar.bz2 nixlib-6c91f23ca5e4b3054a634d39f746a0d6e9cd1223.tar.lz nixlib-6c91f23ca5e4b3054a634d39f746a0d6e9cd1223.tar.xz nixlib-6c91f23ca5e4b3054a634d39f746a0d6e9cd1223.tar.zst nixlib-6c91f23ca5e4b3054a634d39f746a0d6e9cd1223.zip | |
Try to defend against chroot paths in store matching derivation paths
Diffstat (limited to 'pkgs/servers')
| -rw-r--r-- | pkgs/servers/http/nix-binary-cache/nix-binary-cache.cgi.in | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/pkgs/servers/http/nix-binary-cache/nix-binary-cache.cgi.in b/pkgs/servers/http/nix-binary-cache/nix-binary-cache.cgi.in index 219ab9763ada..ce18fa7727f4 100644 --- a/pkgs/servers/http/nix-binary-cache/nix-binary-cache.cgi.in +++ b/pkgs/servers/http/nix-binary-cache/nix-binary-cache.cgi.in @@ -51,7 +51,7 @@ case "$QUERY_STRING" in *.narinfo) hash=${QUERY_STRING%.narinfo} hash=${hash#/} - path="$(echo "$STORE_DIR/$hash-"* )" + path="$(echo "$STORE_DIR/$hash-"* | sort | head -n 1)" if [ -n "$path" ] && [ -e "$path" ]; then header info="$( |