base: Ensure that FilePaths don't contain interior NULs
POSIX filepaths may not contain the NUL octet but previously we did not
reject such paths. This could be exploited by untrusted input to cause
discrepancies between various FilePath
queries and the opened
filename. For instance, readFile "hello.so\x00.txt"
would open the
file "hello.so"
yet takeFileExtension
would return ".txt"
.
Analogously, Windows filepaths may not contain the NUL codepoint. Similarly reject such paths on Windows.
Closes #13660 (closed). Closes #23191 (closed). Implements CLC Proposal #144. Implements CLC Proposal #153.
To do
-
Open CLC proposal (see https://github.com/haskell/core-libraries-committee/issues/144)