Ensure error messages don't leak private key

Since #8766, invalid base64 is rendered in errors, but we don't actually want to show this in the case of an invalid private keys. Co-Authored-By: Eelco Dolstra <edolstra@gmail.com>
2025-11-18 00:12:43 +01:00 · 2024-09-17 15:25:30 -04:00 · 2024-09-17 15:25:30 -04:00 · 2b6b03d8df
commit 2b6b03d8df
parent d0c351bf43
10 changed files with 68 additions and 22 deletions
--- a/src/libstore/machines.cc
+++ b/src/libstore/machines.cc
@ -159,8 +159,9 @@ static Machine parseBuilderLine(const std::set<std::string> & defaultSystems, co
        const auto & str = tokens[fieldIndex];
        try {
            base64Decode(str);
-        } catch (const Error & e) {
-            throw FormatError("bad machine specification: a column #%lu in a row: '%s' is not valid base64 string: %s", fieldIndex, line, e.what());
+        } catch (FormatError & e) {
+            e.addTrace({}, "while parsing machine specification at a column #%lu in a row: '%s'", fieldIndex, line);
+            throw;
        }
        return str;
    };
--- a/src/libstore/ssh.cc
+++ b/src/libstore/ssh.cc
@ -7,6 +7,16 @@

 namespace nix {

+static std::string parsePublicHostKey(std::string_view host, std::string_view sshPublicHostKey)
+{
+    try {
+        return base64Decode(sshPublicHostKey);
+    } catch (Error & e) {
+        e.addTrace({}, "while decoding ssh public host key for host '%s'", host);
+        throw;
+    }
+}
+
 SSHMaster::SSHMaster(
    std::string_view host,
    std::string_view keyFile,
@ -15,7 +25,7 @@ SSHMaster::SSHMaster(
    : host(host)
    , fakeSSH(host == "localhost")
    , keyFile(keyFile)
-    , sshPublicHostKey(sshPublicHostKey)
+    , sshPublicHostKey(parsePublicHostKey(host, sshPublicHostKey))
    , useMaster(useMaster && !fakeSSH)
    , compress(compress)
    , logFD(logFD)
@ -39,7 +49,7 @@ void SSHMaster::addCommonSSHOpts(Strings & args)
        std::filesystem::path fileName = state->tmpDir->path() / "host-key";
        auto p = host.rfind("@");
        std::string thost = p != std::string::npos ? std::string(host, p + 1) : host;
-        writeFile(fileName.string(), thost + " " + base64Decode(sshPublicHostKey) + "\n");
+        writeFile(fileName.string(), thost + " " + sshPublicHostKey + "\n");
        args.insert(args.end(), {"-oUserKnownHostsFile=" + fileName.string()});
    }
    if (compress)
--- a/src/libstore/ssh.hh
+++ b/src/libstore/ssh.hh
@ -14,6 +14,9 @@ private:
    const std::string host;
    bool fakeSSH;
    const std::string keyFile;
+    /**
+     * Raw bytes, not Base64 encoding.
+     */
    const std::string sshPublicHostKey;
    const bool useMaster;
    const bool compress;