mirror of
https://github.com/golang/go
synced 2024-10-05 00:21:21 -06:00
a108369c83
Since NUL usually terminates strings in underlying syscalls, allowing it when converting string arguments is a security risk, especially when dealing with filenames. For example, a program might reason that a filename like "/root/..\x00/" is a subdirectory of "/root/" and allow access to it, while the underlying syscall will treat "\x00" as the end of that string, so the actual filename will be "/root/..", which might be unexpected. Returning EINVAL when string arguments have NUL in them makes sure this attack vector is unusable. R=golang-dev, r, bradfitz, fullung, rsc, minux.ma CC=golang-dev https://golang.org/cl/6458050
// Copyright 2012 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package syscall_test
import (
"io/ioutil"
"os"
"path/filepath"
"syscall"
"testing"
)
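// TestWin32finddata checks that syscall.FindFirstFile does not modify memory
// outside the Win32finddata value it is handed.
//
// The test creates a file with a long name in a fresh temporary directory,
// looks it up with FindFirstFile, and then verifies that a sentinel byte
// declared right after the Win32finddata field still holds its initial value.
func TestWin32finddata(t *testing.T) {
	dir, err := ioutil.TempDir("", "go-build")
	if err != nil {
		t.Fatalf("failed to create temp directory: %v", err)
	}
	defer os.RemoveAll(dir)

	path := filepath.Join(dir, "long_name.and_extension")
	f, err := os.Create(path)
	if err != nil {
		t.Fatalf("failed to create %v: %v", path, err)
	}
	// The handle is closed before the lookup; a failed close is reported
	// instead of being dropped.
	if err := f.Close(); err != nil {
		t.Fatalf("failed to close %v: %v", path, err)
	}

	// X places a sentinel byte (got) directly after the structure that
	// FindFirstFile fills in; the check at the end of the test reads it back.
	type X struct {
		fd  syscall.Win32finddata
		got byte
		pad [10]byte // to protect ourselves

	}
	var want byte = 2 // it is unlikely to have this character in the filename
	x := X{got: want}

	// The conversion error is checked rather than discarded, so a failed
	// conversion stops the test here and its result is never handed to
	// FindFirstFile.
	pathp, err := syscall.UTF16PtrFromString(path)
	if err != nil {
		t.Fatalf("UTF16PtrFromString failed: %v", err)
	}
	h, err := syscall.FindFirstFile(pathp, &(x.fd))
	if err != nil {
		t.Fatalf("FindFirstFile failed: %v", err)
	}
	err = syscall.FindClose(h)
	if err != nil {
		t.Fatalf("FindClose failed: %v", err)
	}

	// A changed sentinel means something was written past the end of x.fd.
	if x.got != want {
		t.Fatalf("memory corruption: want=%d got=%d", want, x.got)
	}
}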