diff options
| author | Tobias Bucher <tobiasbucher5991@gmail.com> | 2024-05-13 14:22:45 +0200 |
|---|---|---|
| committer | Tobias Bucher <tobiasbucher5991@gmail.com> | 2024-05-13 15:08:34 +0200 |
| commit | 700b3ea61ba2a37876af0a5d2d2f991aba5c7000 (patch) | |
| tree | ee79b635ad1f492c544c66ddd78a5404a23e749e /library/std/src/path.rs | |
| parent | 6be7b0c7d2b085474f9f2f9323c2266f4df105d8 (diff) | |
| download | rust-700b3ea61ba2a37876af0a5d2d2f991aba5c7000.tar.gz rust-700b3ea61ba2a37876af0a5d2d2f991aba5c7000.zip | |
Panic if `PathBuf::set_extension` would add a path separator
This is likely never intended and potentially a security vulnerability if it happens. I'd guess that it's mostly literal strings that are passed to this function in practice, so I'm guessing this doesn't break anyone. CC #125060
Diffstat (limited to 'library/std/src/path.rs')
| -rw-r--r-- | library/std/src/path.rs | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/library/std/src/path.rs b/library/std/src/path.rs index 79d800ff072..acf23d97617 100644 --- a/library/std/src/path.rs +++ b/library/std/src/path.rs @@ -1425,6 +1425,11 @@ impl PathBuf { /// If `extension` is the empty string, [`self.extension`] will be [`None`] /// afterwards, not `Some("")`. /// + /// # Panics + /// + /// Panics if the passed extension contains a path separator (see + /// [`is_separator`]). + /// /// # Caveats /// /// The new `extension` may contain dots and will be used in its entirety, @@ -1470,6 +1475,14 @@ impl PathBuf { } fn _set_extension(&mut self, extension: &OsStr) -> bool { + for &b in extension.as_encoded_bytes() { + if b < 128 { + if is_separator(b as char) { + panic!("extension cannot contain path separators: {:?}", extension); + } + } + } + let file_stem = match self.file_stem() { None => return false, Some(f) => f.as_encoded_bytes(), |