std.file functions and embedded NUL characters [CWE-158]
monkyyy
crazymonkyyy at gmail.com
Thu Jul 31 22:36:42 UTC 2025
On Thursday, 31 July 2025 at 20:45:14 UTC, kdevel wrote:
> Some python code:
>
> #!/usr/bin/python
>
> def myfun (filename):
> open (filename, 'w')
>
> myfun ("a\0c")
>
> which when executed behaves in an exemplary manner:
>
> Traceback (most recent call last):
> File "./test.py", line 6, in <module>
> myfun ("a\0c")
> File "./test.py", line 4, in myfun
> open (filename, 'w')
> TypeError: file() argument 1 must be encoded string without
> null
> bytes, not str
>
> Other languages like D, perl or even Ada seem to let the
> embedded NUL
> character silently truncate the filename. This poses a
> considerable
> risk when the input to std.file functions is not controlled by
> the
> program author [1]. E.g.
>
> rmdirRecurse ("/\0/home/user/subdir");
>
> [1] https://cwe.mitre.org/data/definitions/158.html
https://github.com/dlang/phobos/blob/205256abb1f86faf986f8c789cb733ca4137246e/std/string.d#L368
are you sure? Im not entirely sure if this will always trigger
but theres asserts here
More information about the Digitalmars-d
mailing list