From 700b3ea61ba2a37876af0a5d2d2f991aba5c7000 Mon Sep 17 00:00:00 2001
From: Tobias Bucher <tobiasbucher5991@gmail.com>
Date: Mon, 13 May 2024 14:22:45 +0200
Subject: Panic if `PathBuf::set_extension` would add a path separator

This is likely never intended and potentially a security vulnerability
if it happens.

I'd guess that it's mostly literal strings that are passed to this
function in practice, so I'm guessing this doesn't break anyone.

CC #125060
---
 library/std/src/path.rs | 13 +++++++++++++
 1 file changed, 13 insertions(+)

(limited to 'library/std/src/path.rs')

diff --git a/library/std/src/path.rs b/library/std/src/path.rs
index 79d800ff072..acf23d97617 100644
--- a/library/std/src/path.rs
+++ b/library/std/src/path.rs
@@ -1425,6 +1425,11 @@ impl PathBuf {
     /// If `extension` is the empty string, [`self.extension`] will be [`None`]
     /// afterwards, not `Some("")`.
     ///
+    /// # Panics
+    ///
+    /// Panics if the passed extension contains a path separator (see
+    /// [`is_separator`]).
+    ///
     /// # Caveats
     ///
     /// The new `extension` may contain dots and will be used in its entirety,
@@ -1470,6 +1475,14 @@ impl PathBuf {
     }
 
     fn _set_extension(&mut self, extension: &OsStr) -> bool {
+        for &b in extension.as_encoded_bytes() {
+            if b < 128 {
+                if is_separator(b as char) {
+                    panic!("extension cannot contain path separators: {:?}", extension);
+                }
+            }
+        }
+
         let file_stem = match self.file_stem() {
             None => return false,
             Some(f) => f.as_encoded_bytes(),
-- 
cgit 1.4.1-3-g733a5