std.file functions and embedded NUL characters [CWE-158]
Alex Bryan
abryancs at gmail.com
Thu Jul 31 21:35:50 UTC 2025
On Thursday, 31 July 2025 at 21:25:44 UTC, Doigt wrote:
> On Thursday, 31 July 2025 at 20:45:14 UTC, kdevel wrote:
>> Some python code:
>>
>> #!/usr/bin/python
>>
>> def myfun (filename):
>> open (filename, 'w')
>>
>> myfun ("a\0c")
>>
>> which when executed behaves in an exemplary manner:
>>
>> Traceback (most recent call last):
>> File "./test.py", line 6, in <module>
>> myfun ("a\0c")
>> File "./test.py", line 4, in myfun
>> open (filename, 'w')
>> TypeError: file() argument 1 must be encoded string without
>> null
>> bytes, not str
>>
>> Other languages like D, perl or even Ada seem to let the
>> embedded NUL
>> character silently truncate the filename. This poses a
>> considerable
>> risk when the input to std.file functions is not controlled by
>> the
>> program author [1]. E.g.
>>
>> rmdirRecurse ("/\0/home/user/subdir");
>>
>> [1] https://cwe.mitre.org/data/definitions/158.html
>
> Do you actually have a source or an example program that D
> actually does anything with the null terminator or are you
> talking out of your ass? D doesn't care about the null
> terminator and doesn't do anything with it.
>
> Try this code on run.dlang.io and report back with your apology:
> import std.stdio;
> void main()
> {
> writeln("Hello\0World\0!");
> }
D does nothing with the NULL terminator, but I think the argument
here is that for many file operations, the filename string
eventually gets converted to a C string before it is passed to an
API (C stdlib? syscall?) where the null terminator is significant.
It is best NOT to be rude and nasty, but if you are, you should
at least understand the technical argument
More information about the Digitalmars-d
mailing list