nixos/nix
1
1
Fork 0
mirror of https://github.com/NixOS/nix.git synced 2025-12-16 14:01:05 +01:00
Code Activity

Fix nix-build.cc double getenv("TZ") race condition

Browse source 
This is mostly theoretical, but the code was calling getenv("TZ")
twice: once to check if it's non-null, and again to get its value.
This creates a potential race condition where the environment could
change between calls.
This commit is contained in:
Robert Hensing 2025-12-11 15:52:34 +01:00 committed by Jörg Thalheim
parent de6fdb7da5
commit 76c09bf3d4
1 changed files with 3 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

4
src/nix/nix-build/nix-build.cc
View file

@ -613,6 +613,8 @@ static void main_nix_build(int argc, char ** argv)
environment variables and shell functions. Also don't environment variables and shell functions. Also don't
lose the current $PATH directories. */ lose the current $PATH directories. */
auto rcfile = (tmpDir.path() / "rc").string(); auto rcfile = (tmpDir.path() / "rc").string();
auto tz = getEnv("TZ");
auto tzExport = tz ? "export TZ=" + escapeShellArgAlways(*tz) + "; " : "";
std::string rc = fmt( std::string rc = fmt(
(R"(_nix_shell_clean_tmpdir() { command rm -rf %1%; };)"s (R"(_nix_shell_clean_tmpdir() { command rm -rf %1%; };)"s
"trap _nix_shell_clean_tmpdir EXIT; " "trap _nix_shell_clean_tmpdir EXIT; "
@ -646,7 +648,7 @@ static void main_nix_build(int argc, char ** argv)
(pure ? "" : "PATH=$PATH:$p; unset p; "), (pure ? "" : "PATH=$PATH:$p; unset p; "),
escapeShellArgAlways(dirOf(*shell)), escapeShellArgAlways(dirOf(*shell)),
escapeShellArgAlways(*shell), escapeShellArgAlways(*shell),
(getenv("TZ") ? (std::string("export TZ=") + escapeShellArgAlways(getenv("TZ")) + "; ") : ""), tzExport,
envCommand); envCommand);
vomit("Sourcing nix-shell with file %s and contents:\n%s", rcfile, rc); vomit("Sourcing nix-shell with file %s and contents:\n%s", rcfile, rc);
writeFile(rcfile, rc); writeFile(rcfile, rc);