std.file functions and embedded NUL characters [CWE-158]
kdevel
kdevel at vogtner.de
Sun Aug 3 00:03:47 UTC 2025
On Friday, 1 August 2025 at 17:53:17 UTC, Steven Schveighoffer
wrote:
> [...]
> It's always a fight between correctness and performance here.
Pardon?
> [...]
> I'm not sure that's the library's responsibility. In other
> words, if I pass in `rmdir("foo")`, then why should I pay the
> penalty of examining `"foo"` for malicious NUL bytes?
The `NUL` is not representable in `char *`. But all Phobos
filesystem functions use unadorned `string` parameters for
pathnames. Who, if not the designer of the library, should be
responsible for coding (not paying!) the extra CPU cycles?
If the library expects pathnames without embedded `NUL`s, I would
create a subtype of `string`, say `fstring` or `cstring`. One
then has to discuss which of these calls
```
rmdir ("a\0b"); //with the technique from [1]
rmdir (fstring ("a\0b"));
rmdir (cast (fstring) ("a\0b"));
```
shall compile and what one expects as runtime behavior.
[1] *Implicit type conversion of an argument when a function is
called*
https://forum.dlang.org/thread/agstjpezerwlgdhphclk@forum.dlang.org
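As an added example, not code from this thread or from Phobos: one way the proposed `fstring` could be realised in D, with the check done once at construction instead of in every filesystem call. The names `fstring`, `rmdirArg` and `cVisibleLength` are this example's own. `rmdirArg` stands in for a `std.file` function and returns the C string the syscall would receive rather than calling `rmdir(2)`, so it runs without touching the disk. With this design the three calls from the post behave as follows: the bare `string` argument does not compile, the explicit `fstring(...)` compiles and throws at runtime, and the `cast` does not compile because a `string` cannot be cast to a struct without an `opCast`.

```d
import core.stdc.string : strlen;
import std.algorithm.searching : canFind;
import std.exception : assertThrown, enforce;
import std.string : toStringz;

/// Stand-in for the proposed `fstring`: a string that is checked once,
/// at construction, to contain no embedded NUL byte (CWE-158).
struct fstring
{
    private string value_;

    @disable this();           // no default (unchecked) instance

    /// The only way in: validate, then wrap. Throws on embedded NUL.
    this(string s)
    {
        enforce(!s.canFind('\0'),
            "pathname contains an embedded NUL byte (CWE-158)");
        value_ = s;
    }

    string value() const { return value_; }
    alias value this;          // an fstring reads as a string, never the reverse
}

/// What the C library sees after toStringz: the first NUL ends the name.
size_t cVisibleLength(string s)
{
    return strlen(s.toStringz);
}

/// std.file-style entry point that accepts only validated paths. It
/// returns the C string the syscall would receive instead of calling
/// rmdir(2), so the example runs without touching the file system.
const(char)* rmdirArg(fstring path)
{
    return path.value.toStringz;
}

void main()
{
    string evil = "a\0b";            // constructed input with an embedded NUL
    assert(evil.length == 3);          // three bytes to D
    assert(cVisibleLength(evil) == 1); // one byte to C: only "a"

    auto arg = rmdirArg(fstring("a/b"));
    assert(strlen(arg) == 3);

    // The three calls from the post, under this design:
    // rmdirArg("a\0b");                // does not compile: no string -> fstring conversion
    assertThrown!Exception(rmdirArg(fstring("a\0b")));  // compiles, throws at runtime
    // rmdirArg(cast(fstring) "a\0b");  // does not compile: no opCast from string
}
```

The cost the quoted reply objects to is paid exactly once per path, when the `fstring` is built; a `std.file` function taking `fstring` can hand the bytes to C without re-scanning them, and `alias value this` keeps existing `string`-based code compiling where an `fstring` is passed on.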