fetchClosure: Don't allow URL query parameters

Allowing this is a potential security hole, since it allows the user to specify parameters like 'local-nar-cache'.
2025-06-25 10:41:16 +02:00 · 2022-04-06 11:52:51 +02:00 · 2022-04-06 11:52:51 +02:00 · 589f6f267b
commit 589f6f267b
parent c0ad86f681
2 changed files with 20 additions and 1 deletions
--- a/src/libexpr/primops/fetchClosure.cc
+++ b/src/libexpr/primops/fetchClosure.cc
@ -61,6 +61,12 @@ static void prim_fetchClosure(EvalState & state, const Pos & pos, Value * * args
            .errPos = pos
        });

+    if (!parsedURL.query.empty())
+        throw Error({
+            .msg = hintfmt("'fetchClosure' does not support URL query parameters (in '%s')", *fromStoreUrl),
+            .errPos = pos
+        });
+
    auto fromStore = openStore(parsedURL.to_string());

    if (toCA) {
@ -87,7 +93,8 @@ static void prim_fetchClosure(EvalState & state, const Pos & pos, Value * * args
                });
        }
    } else {
-        copyClosure(*fromStore, *state.store, RealisedPath::Set { *fromPath });
+        if (!state.store->isValidPath(*fromPath))
+            copyClosure(*fromStore, *state.store, RealisedPath::Set { *fromPath });
        toPath = fromPath;
    }