fix(tvix/nix-compat): validate store path name length

Change-Id: I89ac0ad147a1872c021ab4235ca46ef3f51d0446 Reviewed-on: https://cl.tvl.fyi/c/depot/+/9854 Tested-by: BuildkiteCI Reviewed-by: flokli <flokli@flokli.de>
2023-10-27 11:25:14 +00:00 · 2023-10-27 11:25:14 +00:00 · 36f2b69de5
commit 36f2b69de5
parent 99a61def17
1 changed files with 13 additions and 2 deletions
--- a/tvix/nix-compat/src/store_path/mod.rs
+++ b/tvix/nix-compat/src/store_path/mod.rs
@ -164,8 +164,8 @@ impl StorePath {
 /// Checks a given &[u8] to match the restrictions for [StorePath::name], and
 /// returns the name as string if successful.
 pub(crate) fn validate_name(s: &[u8]) -> Result<String, Error> {
-    // Empty names are not allowed.
-    if s.is_empty() {
+    // Empty or excessively long names are not allowed.
+    if s.is_empty() || s.len() > 211 {
        return Err(Error::InvalidLength());
    }

@ -246,6 +246,17 @@ mod tests {
            .expect_err("must fail");
    }

+    #[test]
+    fn empty_name() {
+        StorePath::from_bytes(b"00bgd045z0d4icpbc2yy-").expect_err("must fail");
+    }
+
+    #[test]
+    fn excessive_length() {
+        StorePath::from_bytes(b"00bgd045z0d4icpbc2yy-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa")
+            .expect_err("must fail");
+    }
+
    #[test]
    fn invalid_hash_length() {
        StorePath::from_bytes(b"00bgd045z0d4icpbc2yy-net-tools-1.60_p20170221182432")