Ticket #5741 (new feature request)

Opened 5 months ago

Last modified 9 days ago

openFile should fail if null bytes are in the argument

Reported by: Veinor
Owned by:
Priority: high
Milestone: 7.6.1
Component: libraries/base
Version: 7.2.1
Keywords:
Cc:
Operating System: Unknown/Multiple
Architecture: Unknown/Multiple
Type of failure: Runtime performance bug
Difficulty: Unknown
Test Case:
Blocked By:
Blocking:
Related Tickets:

Description

If the argument to openFile contains a null byte, right now it silently truncates everything after the null byte. This could lead to a vulnerability if the programmer relies on the presence of an extension such as ".cfg" to prevent people from reading in, say, /etc/passwd.

Change History

Changed 4 months ago by igloo

  • priority changed from normal to high
  • difficulty set to Unknown
  • milestone set to 7.6.1

Should we make this throw an exception, or is checking for NULs just part of the input sanitation that the programmer needs to do? I'm inclined towards the latter (although we should probably document it somewhere if so). What do other people think?

Changed 4 months ago by simonmar

Arguably truncation on NUL is part of the filesystem semantics of the underlying OS, just like / being the directory separator.

Changed 9 days ago by GregWeber

This is likely handled properly by the system-filepath library.
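
The caller-side NUL check discussed in the comments above, as an added example that is not part of the ticket or of GHC's libraries. PathError, cStringView, validateCfgPath and openCfg are hypothetical names, and the sample paths are constructed from the scenario in the description.

```haskell
import Control.Exception (IOException, try)
import Data.List (isSuffixOf)
import System.IO (Handle, IOMode (ReadMode), hClose, openFile)
import System.IO.Error (illegalOperationErrorType, mkIOError)

-- Hypothetical error type for this example.
data PathError = ContainsNul | WrongExtension
  deriving (Eq, Show)

-- What an API taking a NUL-terminated C string sees of a Haskell path:
-- everything from the first NUL onward is dropped.
cStringView :: FilePath -> FilePath
cStringView = takeWhile (/= '\0')

-- Reject embedded NULs before applying the extension policy, so the
-- string that is checked is the same string the OS would open.
validateCfgPath :: FilePath -> Either PathError FilePath
validateCfgPath p
  | '\0' `elem` p               = Left ContainsNul
  | not (".cfg" `isSuffixOf` p) = Left WrongExtension
  | otherwise                   = Right p

-- Checked wrapper: fails with an IOError instead of opening a path
-- that did not pass validation.
openCfg :: FilePath -> IO Handle
openCfg p = case validateCfgPath p of
  Right ok -> openFile ok ReadMode
  Left err -> ioError (mkIOError illegalOperationErrorType
                         ("openCfg (" ++ show err ++ ")") Nothing (Just p))

main :: IO ()
main = do
  -- Constructed sample inputs; the second passes a naive suffix check.
  let samples = ["app.cfg", "/etc/passwd\0.cfg", "/etc/passwd"]
  mapM_ report samples
  r <- try (openCfg "/etc/passwd\0.cfg") :: IO (Either IOException Handle)
  case r of
    Left e  -> putStrLn ("rejected: " ++ show e)
    Right h -> hClose h
  where
    report p = putStrLn $
      show p ++ ": suffix check = " ++ show (".cfg" `isSuffixOf` p)
        ++ ", C-string view = " ++ show (cStringView p)
        ++ ", validate = " ++ show (validateCfgPath p)
```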
