std.file functions and embedded NUL characters [CWE-158]

monkyyy crazymonkyyy at gmail.com
Thu Jul 31 22:36:42 UTC 2025


On Thursday, 31 July 2025 at 20:45:14 UTC, kdevel wrote:
> Some python code:
>
>    #!/usr/bin/python
>
>    def myfun (filename):
>       open (filename, 'w')
>
>    myfun ("a\0c")
>
> which when executed behaves in an exemplary manner:
>
>    Traceback (most recent call last):
>      File "./test.py", line 6, in <module>
>        myfun ("a\0c")
>      File "./test.py", line 4, in myfun
>        open (filename, 'w')
>    TypeError: file() argument 1 must be encoded string without null bytes, not str
>
> Other languages like D, perl or even Ada seem to let the embedded NUL
> character silently truncate the filename. This poses a considerable
> risk when the input to std.file functions is not controlled by the
> program author [1]. E.g.
>
>    rmdirRecurse ("/\0/home/user/subdir");
>
> [1] https://cwe.mitre.org/data/definitions/158.html

https://github.com/dlang/phobos/blob/205256abb1f86faf986f8c789cb733ca4137246e/std/string.d#L368

Are you sure? I'm not entirely sure if this will always trigger,
but there are asserts here.
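
An added example, not part of either post and not Phobos code: a caller-side guard that rejects embedded NUL characters before an untrusted path reaches any std.file function, so the outcome does not depend on whether a library assert fires. The helper names `asSeenByC` and `checkedPath` are hypothetical, and the inputs are constructed (the second is the string from the quoted post).

```d
import std.algorithm.searching : canFind;
import std.exception : enforce;
import std.stdio : writeln;
import std.string : fromStringz;

/// Hypothetical helper: the prefix a C API would act on if `path` were
/// copied into a NUL-terminated buffer without validation.
string asSeenByC(string path)
{
    const(char)[] buf = path ~ '\0';   // terminator appended, as a C-string conversion does
    return fromStringz(buf.ptr).idup;  // a C consumer stops reading at the first NUL
}

/// Hypothetical guard: refuse a path with an embedded NUL instead of
/// letting it be shortened somewhere further down the call chain.
string checkedPath(string path)
{
    enforce(!path.canFind('\0'), "path contains an embedded NUL character");
    return path;
}

void main()
{
    // Constructed sample inputs; nothing here touches the file system.
    foreach (p; ["/tmp/report.txt", "/\0/home/user/subdir", "a\0c"])
    {
        try
        {
            writeln("ok:       ", checkedPath(p));
        }
        catch (Exception e)
        {
            // Show the D length next to the prefix a C API would have used.
            writeln("rejected: ", e.msg, " (length ", p.length,
                    ", C would see \"", asSeenByC(p), "\")");
        }
    }
}
```

Passing the result of `checkedPath` to calls such as `rmdirRecurse` keeps the check in release builds, where `assert` and contract checks are compiled out by default.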

