Skip to content

Commit

Permalink
Panic if PathBuf::set_extension would add a path separator
Browse files Browse the repository at this point in the history
This is likely never intended and potentially a security vulnerability
if it happens.

I'd guess that it's mostly literal strings that are passed to this
function in practice, so I'm guessing this doesn't break anyone.

CC #125060
  • Loading branch information
tbu- committed May 13, 2024
1 parent 6be7b0c commit 700b3ea
Show file tree
Hide file tree
Showing 2 changed files with 36 additions and 0 deletions.
13 changes: 13 additions & 0 deletions library/std/src/path.rs
Original file line number Diff line number Diff line change
Expand Up @@ -1425,6 +1425,11 @@ impl PathBuf {
/// If `extension` is the empty string, [`self.extension`] will be [`None`]
/// afterwards, not `Some("")`.
///
/// # Panics
///
/// Panics if the passed extension contains a path separator (see
/// [`is_separator`]).
///
/// # Caveats
///
/// The new `extension` may contain dots and will be used in its entirety,
Expand Down Expand Up @@ -1470,6 +1475,14 @@ impl PathBuf {
}

fn _set_extension(&mut self, extension: &OsStr) -> bool {
for &b in extension.as_encoded_bytes() {
if b < 128 {
if is_separator(b as char) {
panic!("extension cannot contain path separators: {:?}", extension);
}
}
}

let file_stem = match self.file_stem() {
None => return false,
Some(f) => f.as_encoded_bytes(),
Expand Down
23 changes: 23 additions & 0 deletions library/std/src/path/tests.rs
Original file line number Diff line number Diff line change
Expand Up @@ -1803,6 +1803,29 @@ fn test_windows_absolute() {
assert_eq!(absolute(r"COM1").unwrap().as_os_str(), Path::new(r"\\.\COM1").as_os_str());
}

#[test]
#[should_panic = "path separator"]
fn test_extension_path_sep() {
let mut path = PathBuf::from("path/to/file");
path.set_extension("d/../../../../../etc/passwd");
}

#[test]
#[should_panic = "path separator"]
#[cfg(windows)]
fn test_extension_path_sep_alternate() {
let mut path = PathBuf::from("path/to/file");
path.set_extension("d\\test");
}

#[test]
#[cfg(not(windows))]
fn test_extension_path_sep_alternate() {
let mut path = PathBuf::from("path/to/file");
path.set_extension("d\\test");
assert_eq!(path, Path::new("path/to/file.d\\test"));
}

#[bench]
#[cfg_attr(miri, ignore)] // Miri isn't fast...
fn bench_path_cmp_fast_path_buf_sort(b: &mut test::Bencher) {
Expand Down

0 comments on commit 700b3ea

Please sign in to comment.