Uploaded image for project: 'Erlang/OTP'
  1. Erlang/OTP
  2. ERL-370

Check for null bytes in binaries / strings when opening files

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 19.1.1
    • Fix Version/s: OTP-21.0
    • Component/s: erts, kernel, stdlib
    • Labels:
      None

      Description

      Currently file:read_file and all other operations that accept a file system path representing file, including in other modules such as prim_file, silently accept and discard the remaining of a string / binary when a null byte is present. For example, if I have a "README.md" file in the current directory, I can read it with the commands below:

      1> file:read_file("README.md\0.txt").

      {ok, ...}
      2> file:read_file(<<"README.md\0.txt">>).
      {ok, ...}

      This can be a security issue in applications that perform operations based on the filename. For example, filename:extname/1 returns the extension name after the null byte:

      3> filename:extension("README.md\0.txt").
      ".txt"

      So an entity could be made to believe it is handling a file with extension .xxx while it is serving a file with extension .yyy.

      While I don't believe this poises a security issue in OTP itself, I believe the platform would be safer if it raised when a string or binary with a null byte is given anytime we are interacting with the filesystem.

      For some reference, Java, Python, Node and Ruby all raise if the string/binary contains a null byte. Haskell is the only language that does not in my initial analysis.

        Attachments

          Activity

            People

            Assignee:
            rickard Rickard Green
            Reporter:
            josevalim José Valim
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: