std.file functions and embedded NUL characters [CWE-158]
kdevel
kdevel at vogtner.de
Thu Jul 31 20:45:14 UTC 2025
Some Python code:

    #!/usr/bin/python

    def myfun (filename):
       open (filename, 'w')

    myfun ("a\0c")

which when executed behaves in an exemplary manner:

    Traceback (most recent call last):
      File "./test.py", line 6, in <module>
        myfun ("a\0c")
      File "./test.py", line 4, in myfun
        open (filename, 'w')
    TypeError: file() argument 1 must be encoded string without null bytes, not str

Other languages like D, Perl or even Ada seem to let the embedded NUL
character silently truncate the filename. This poses a considerable
risk when the input to std.file functions is not controlled by the
program author [1]. E.g.

    rmdirRecurse ("/\0/home/user/subdir");

[1] https://cwe.mitre.org/data/definitions/158.html
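
As an added example, not part of the original post and not Phobos code: a guard in D that rejects an embedded NUL before an untrusted path reaches a std.file function, next to a helper showing the prefix a NUL-terminated C API would act on. The names `cView` and `requireNoNul` are hypothetical, the inputs are constructed, and the truncation behaviour is assumed to be as the post describes it.

```d
import std.exception : assertThrown, enforce;
import std.stdio : writeln;
import std.string : indexOf;

/// Prefix that a C API taking a NUL-terminated string would read:
/// everything before the first NUL byte (hypothetical helper).
string cView(string path)
{
    immutable i = path.indexOf('\0');
    return i < 0 ? path : path[0 .. cast(size_t) i];
}

/// Throws if the path contains an embedded NUL, otherwise returns it
/// unchanged so it can be passed on to std.file (hypothetical helper).
string requireNoNul(string path)
{
    enforce(path.indexOf('\0') < 0,
            "path contains an embedded NUL character");
    return path;
}

unittest
{
    // Constructed inputs; the first two are the strings used in the post.
    assert(cView("/\0/home/user/subdir") == "/");
    assert(cView("a\0c") == "a");
    assert(cView("/home/user/subdir") == "/home/user/subdir");

    assertThrown(requireNoNul("/\0/home/user/subdir"));
    assert(requireNoNul("/home/user/subdir") == "/home/user/subdir");
}

void main()
{
    immutable untrusted = "/\0/home/user/subdir"; // constructed input

    // The D string is 19 bytes long, but a C-level call would see only "/".
    writeln("D length: ", untrusted.length, ", C view: ", cView(untrusted));

    try
        requireNoNul(untrusted); // call this before any std.file function
    catch (Exception e)
        writeln("rejected: ", e.msg);
}
```

Compiling with `-unittest` runs the assertions before `main`.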