std.file functions and embedded NUL characters [CWE-158]

kdevel kdevel at vogtner.de
Thu Jul 31 20:45:14 UTC 2025


Some Python code:

    #!/usr/bin/python

    def myfun (filename):
       open (filename, 'w')

    myfun ("a\0c")

which when executed behaves in an exemplary manner:

    Traceback (most recent call last):
      File "./test.py", line 6, in <module>
        myfun ("a\0c")
      File "./test.py", line 4, in myfun
        open (filename, 'w')
    TypeError: file() argument 1 must be encoded string without null bytes, not str

Other languages like D, Perl or even Ada seem to let the embedded NUL
character silently truncate the filename. This poses a considerable
risk when the input to std.file functions is not controlled by the
program author [1]. E.g.

    rmdirRecurse ("/\0/home/user/subdir");

[1] https://cwe.mitre.org/data/definitions/158.html
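
An added example, not part of the original post and not Phobos code: it shows the truncation described above (what a NUL-terminated C API would act on for a given D string) next to a guard that rejects such paths before they reach a std.file function. The names `pathSeenByC` and `checkedPath` are hypothetical, and the inputs are constructed.

```d
import std.exception : collectException, enforce;
import std.stdio : writefln;
import std.string : indexOf;

/// The path a NUL-terminated C API would act on when handed `path`:
/// everything from the first embedded NUL onward is ignored.
string pathSeenByC(string path)
{
    immutable i = path.indexOf('\0');
    return i < 0 ? path : path[0 .. i];
}

/// Hypothetical guard (not part of Phobos): reject such paths up front
/// instead of letting them be truncated further down.
/// Intended use: rmdirRecurse(checkedPath(userInput));
string checkedPath(string path)
{
    enforce(path.indexOf('\0') < 0,
            "path contains an embedded NUL character");
    return path;
}

void main()
{
    // Constructed sample inputs; the second is the path from the post.
    foreach (p; ["/home/user/subdir", "/\0/home/user/subdir", "a\0c"])
    {
        auto err = collectException(checkedPath(p));
        writefln("length %2d, C view \"%s\": %s",
                 p.length, pathSeenByC(p),
                 err is null ? "accepted" : "rejected (" ~ err.msg ~ ")");
    }
}
```

For the path from the post the C view is `/`, although the D string is 19 characters long; the guard turns that silent mismatch into an exception.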

