From 6c91f23ca5e4b3054a634d39f746a0d6e9cd1223 Mon Sep 17 00:00:00 2001
From: Michael Raskin <7c6f434c@mail.ru>
Date: Wed, 17 Dec 2014 21:49:02 +0300
Subject: Try to defend against chroot paths in store matching derivation paths

---
 pkgs/servers/http/nix-binary-cache/nix-binary-cache.cgi.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'pkgs/servers/http')

diff --git a/pkgs/servers/http/nix-binary-cache/nix-binary-cache.cgi.in b/pkgs/servers/http/nix-binary-cache/nix-binary-cache.cgi.in
index 219ab9763ada..ce18fa7727f4 100644
--- a/pkgs/servers/http/nix-binary-cache/nix-binary-cache.cgi.in
+++ b/pkgs/servers/http/nix-binary-cache/nix-binary-cache.cgi.in
@@ -51,7 +51,7 @@ case "$QUERY_STRING" in
 	*.narinfo)
 		hash=${QUERY_STRING%.narinfo}
 		hash=${hash#/}
-		path="$(echo "$STORE_DIR/$hash-"* )"
+		path="$(echo "$STORE_DIR/$hash-"* | sort | head -n 1)"
 		if [ -n "$path" ] && [ -e "$path" ]; then
 			header
 			info="$(
-- 
cgit 1.4.1