!10110: base: Ensure that FilePaths don't contain interior NULs · Merge requests · Glasgow Haskell Compiler / GHC

Ben Gamari requested to merge wip/T13660 into master Mar 10, 2023

POSIX filepaths may not contain the NUL octet but previously we did not reject such paths. This could be exploited by untrusted input to cause discrepancies between various FilePath queries and the opened filename. For instance, readFile "hello.so\x00.txt" would open the file "hello.so" yet takeFileExtension would return ".txt".

Analogously, Windows filepaths may not contain the NUL codepoint. Similarly reject such paths on Windows.

Closes #13660 (closed). Closes #23191 (closed). Implements CLC Proposal #144. Implements CLC Proposal #153.

To do

Open CLC proposal (see https://github.com/haskell/core-libraries-committee/issues/144)

Edited Mar 29, 2023 by Ben Gamari

base: Ensure that FilePaths don't contain interior NULs

To do

Merge request reports