Stream: wg-secure-code

Topic: clap vulnerability?

Shnatsel (Nov 03 2019 at 20:28, on Zulip):

I think Clap has an exploitable vulnerability:
They basically transmute arbitrary bytes into OsStr which on Windows is WTF-8, so they violate the validity invariant for it. I wonder if there are actually any functions using WTF-8 invariants to avoid bounds checks?

Tony Arcieri (Nov 03 2019 at 20:29, on Zulip):


Shnatsel (Nov 03 2019 at 20:29, on Zulip):

<I've pasted wrong link here, sorry>

Shnatsel (Nov 03 2019 at 20:47, on Zulip):

The good news is that the crate author is very cooperative

Shnatsel (Nov 03 2019 at 21:01, on Zulip):

Lots of functions in the WTF-8 implementation do "find next surrogate, pass everything up to that to str::from_utf8_unchecked" - so this should allow constructing &str with invalid UTF-8

DPC (Nov 24 2019 at 09:02, on Zulip):

Hi @Shnatsel. I'm one of the maintainers of clap. If you need anything, feel free to ping me

Last update: Apr 03 2020 at 18:25 UTC