Stream: wg-secure-code

Topic: clap vulnerability?


Shnatsel (Nov 03 2019 at 20:28, on Zulip):

I think Clap has an exploitable vulnerability: https://github.com/clap-rs/clap/issues/1594
They basically transmute arbitrary bytes into OsStr which on Windows is WTF-8, so they violate the validity invariant for it. I wonder if there are actually any functions using WTF-8 invariants to avoid bounds checks?

Tony Arcieri (Nov 03 2019 at 20:29, on Zulip):

oof

Shnatsel (Nov 03 2019 at 20:29, on Zulip):

<I've pasted wrong link here, sorry>

Shnatsel (Nov 03 2019 at 20:47, on Zulip):

The good news is that the crate author is very cooperative

Shnatsel (Nov 03 2019 at 21:01, on Zulip):

Lots of functions in WTF-8 implementation do "find next surrogate, pass everything up to that to str::from_utf8_unchecked" - so this should allow constructing &str with invalid UTF-8

Last update: Nov 15 2019 at 21:05 UTC