std.file functions and embedded NUL characters [CWE-158]

kdevel kdevel at vogtner.de
Thu Jul 31 22:38:41 UTC 2025


On Thursday, 31 July 2025 at 21:47:24 UTC, Richard (Rikki) Andrew Cattermole wrote:
> This is indeed a security vulnerability, but it isn't on D's side.
> All system APIs take in a null terminated string, when it
> should've been pointer + length.

The cause of the problem is the silent truncation when the conversion
from D-string to C-const char * takes place. This is not a problem of
the API, which in the case of POSIX is totally simple (compared to
all the VMS/Windows APIs).

There must be a reason why C++ uses const char* in its filesystem
functions [1].

> If someone has a problem with this currently, you can call
> ``isValidPath`` in ``std.path``, which will check for the null
> character.

Unfortunately isValidPath also flags perfectly legal filenames
as invalid, e.g. those containing invalid UTF-8 sequences.

[1] https://en.cppreference.com/w/cpp/header/iostream.html
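
Added example (not part of the original message and not Phobos code): a byte-level check that rejects only embedded NUL characters before a path reaches a C API, so filenames that are not valid UTF-8 still pass. The helper name `requireNoNul` is hypothetical and the sample paths are constructed.

```d
import core.stdc.string : strlen;
import std.algorithm.searching : canFind;
import std.exception : assertThrown, enforce;
import std.string : representation, toStringz;

/// Hypothetical helper: returns `path` unchanged, or throws if it
/// contains an embedded NUL. It looks at raw bytes only, so names that
/// are not valid UTF-8 are accepted.
const(char)[] requireNoNul(const(char)[] path)
{
    enforce(!path.representation.canFind(cast(ubyte) 0),
            "path contains an embedded NUL character");
    return path;
}

void main()
{
    // Constructed sample: 16 chars as a D string, but the C view of the
    // same data ends at the embedded NUL.
    string tricky = "report.txt\0.jpeg";
    assert(tricky.length == 16);
    assert(strlen(tricky.toStringz) == 10); // what a const char* consumer sees

    // The check refuses the path instead of letting it be truncated.
    assertThrown(requireNoNul(tricky));

    // Constructed sample: a lone 0xE9 byte is not valid UTF-8, yet it is
    // a legal byte in a POSIX filename, so it is passed through untouched.
    const(char)[] latin1 = "caf\xE9.txt";
    assert(requireNoNul(latin1) is latin1);
}
```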

