std.file functions and embedded NUL characters [CWE-158]
Sönke Ludwig
sludwig at outerproduct.org
Mon Aug 4 14:13:01 UTC 2025
On 31.07.25 at 23:47, Richard (Rikki) Andrew Cattermole wrote:
> This is quite a good example of why for PhobosV3 I want us to go through
> a FilePath abstraction, rather than accepting random strings for file
> names.
>
> This is indeed a security vulnerability, but it isn't on D's side.
> All system APIs take in a null-terminated string, when it should've
> been pointer + length.
>
> If someone has a problem with this currently, you can call
> ``isValidPath`` in ``std.path``, which will check for the null character.
>
> https://dlang.org/phobos/std_path.html#isValidPath
I strongly suggest to also at least distinguish between Windows and
Posix path formats to avoid ambiguity issues. vibe.core.path defines
`WindowsPath`, `PosixPath` and `InetPath`, as well as an OS-dependent
alias `NativePath` (aliases to either `WindowsPath` or `PosixPath`) to
avoid having to think about this all the time. However, conversions
between path formats are always explicit, with the appropriate
validation taking place.
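
An added example, not code from either poster, Phobos or vibe.core: it shows how a D string with an embedded NUL differs from what a NUL-terminated C API reads, and how the `isValidPath` check mentioned above can be enforced once in a wrapper type. `CheckedPath`, `asSeenByC` and the sample file name are hypothetical and constructed for illustration.

```d
import std.exception : assertThrown, enforce;
import std.path : extension, isValidPath;
import std.stdio : writeln;
import std.string : fromStringz, toStringz;

/// Hypothetical wrapper (not a Phobos or vibe.core type): a value can only
/// be constructed from a string that passed std.path.isValidPath.
struct CheckedPath
{
    private string value;

    @disable this();

    this(string raw)
    {
        // isValidPath rejects, among other things, an embedded '\0'.
        enforce(isValidPath(raw), "path rejected by std.path.isValidPath");
        value = raw;
    }

    string toString() const { return value; }
}

/// The bytes a NUL-terminated C API would read from a D string.
const(char)[] asSeenByC(string name)
{
    return fromStringz(toStringz(name));
}

void main()
{
    // Constructed sample: D strings carry a length, so '\0' is an ordinary byte.
    string name = "notes.txt\0.png";

    // A check written against the D string sees the full 14 bytes ...
    assert(name.length == 14);
    assert(extension(name) == ".png");

    // ... while the C side stops at the first NUL.
    assert(asSeenByC(name) == "notes.txt");

    // Validating at construction closes the gap between the two views.
    assert(!isValidPath(name));
    assertThrown!Exception(CheckedPath(name));

    auto ok = CheckedPath("notes.txt");
    writeln("accepted: ", ok.toString());
}
```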