From 39d1e9654c102339f3d99b0e52a49639182f972b Mon Sep 17 00:00:00 2001
From: Ludovic Courtès
Date: Wed, 10 Jan 2018 21:38:08 +0100
Subject: store: Fix potential over-reads in 'import-paths'.

Previously 'process-stderr' would always pass a bytevector of MAX-LEN to then daemon in the %stderr-read case (i.e., 'import-paths'), instead of LEN (where LEN <= MAX-LEN). In practice the extra bytes didn't cause a protocol violation or anything because they happen at the end of the stream, which typically contains the canonical sexp of the signature, and the extra zeros were just ignored.

* guix/serialization.scm (write-bytevector): Add optional 'l' parameter and honor it.
* guix/store.scm (process-stderr): Pass LEN to 'write-bytevector'.
---
 guix/serialization.scm | 8 ++++----
 guix/store.scm | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)
(limited to 'guix')

diff --git a/guix/serialization.scm b/guix/serialization.scm
index e6ae2fc307..b41a0a09d1 100644
--- a/guix/serialization.scm
+++ b/guix/serialization.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Courtès
+;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017, 2018 Ludovic Courtès
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -102,9 +102,9 @@
 (or (zero? m)
 (put-bytevector p zero 0 (- 8 m)))))))
 
-(define (write-bytevector s p)
- (let* ((l (bytevector-length s))
- (m (modulo l 8))
+(define* (write-bytevector s p
+ #:optional (l (bytevector-length s)))
+ (let* ((m (modulo l 8))
 (b (make-bytevector (+ 8 l (if (zero? m) 0 (- 8 m))))))
 (bytevector-u32-set! b 0 l (endianness little))
 (bytevector-copy! s 0 b 8 l)
diff --git a/guix/store.scm b/guix/store.scm
index 89db46b8e6..6742611c6f 100644
--- a/guix/store.scm
+++ b/guix/store.scm
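Review bot: In the `@@ -102,9 +102,9 @@` hunk of guix/serialization.scm, the new optional `l` sets the length prefix, the buffer size and the `bytevector-copy!` count, yet nothing states or checks that it stays within `(bytevector-length s)`. A value that is too large or not an integer is caught only incidentally, by whatever `modulo` or `bytevector-copy!` happen to raise. Since the commit exists to stop sending more than was actually read, I would add a docstring along the lines of `"Write the first L bytes of bytevector S to port P; L defaults to the length of S."` and an explicit guard such as `(unless (<= 0 l (bytevector-length s)) (error "write-bytevector: length out of range" l))`. The body of `write-bytevector` continues past the end of the hunk.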
@@ -609,7 +609,7 @@ encoding conversion errors."
 (let* ((max-len (read-int p))
 (data (make-bytevector max-len))
 (len (get-bytevector-n! user-port data 0 max-len)))
- (write-bytevector data p)
+ (write-bytevector data p len)
 #f))
 ((= k %stderr-next)
 ;; Log a string. Build logs are usually UTF-8-encoded, but they
--
cgit v1.2.3
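Review bot: `len` is handed straight to `write-bytevector`, but `get-bytevector-n!` returns the end-of-file object rather than a count when `user-port` has nothing left to read. A truncated or exhausted input would then reach `(modulo l 8)` with a non-number and fail with a type error partway through the daemon exchange. The EOF case should be handled explicitly at this call, for example `(write-bytevector data p (if (eof-object? len) 0 len))`, or by raising a clear protocol error instead; the hunk does not show which of the two the daemon expects, so that needs confirming. The enclosing `process-stderr` clause starts and ends outside the hunk.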