| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20250616-borrow_impls-v4-6-36f9beb3fe6a@nvidia.com>
Date: Mon, 16 Jun 2025 12:34:10 +0900
From: Alexandre Courbot <acourbot@...dia.com>
To: Danilo Krummrich <dakr@...nel.org>, Miguel Ojeda <ojeda@...nel.org>,
Alex Gaynor <alex.gaynor@...il.com>, Boqun Feng <boqun.feng@...il.com>,
Gary Guo <gary@...yguo.net>,
Björn Roy Baron <bjorn3_gh@...tonmail.com>,
Benno Lossin <lossin@...nel.org>, Andreas Hindborg <a.hindborg@...nel.org>,
Alice Ryhl <aliceryhl@...gle.com>, Trevor Gross <tmgross@...ch.edu>
Cc: rust-for-linux@...r.kernel.org, linux-kernel@...r.kernel.org,
Alexandre Courbot <acourbot@...dia.com>
Subject: [PATCH v4 6/7] rust: str: implement `from_bytes_with_nul_mut`
Given that `from_bytes_with_nul_unchecked` is paired with
`from_bytes_with_nul`, it looks asymmetric that
`from_bytes_with_nul_unchecked_mut` did not have its faillible safe
counterpart.
To avoid repetition, factorize the `CStr` validity check code into a
private function.
Signed-off-by: Alexandre Courbot <acourbot@...dia.com>
---
rust/kernel/str.rs | 37 +++++++++++++++++++++++++++++++------
1 file changed, 31 insertions(+), 6 deletions(-)
diff --git a/rust/kernel/str.rs b/rust/kernel/str.rs
index 28f2f359ab23e6a926e88913e3cc9f481aa86037..21d6f8801ea84686d4aa909fbb52578af96fe2d8 100644
--- a/rust/kernel/str.rs
+++ b/rust/kernel/str.rs
@@ -243,11 +243,13 @@ pub unsafe fn from_char_ptr<'a>(ptr: *const crate::ffi::c_char) -> &'a Self {
unsafe { Self::from_bytes_with_nul_unchecked(bytes) }
}
- /// Creates a [`CStr`] from a `[u8]`.
+ /// Returns `Ok` if `bytes` can safely be interpreted as a [`CStr`].
///
- /// The provided slice must be `NUL`-terminated, does not contain any
- /// interior `NUL` bytes.
- pub const fn from_bytes_with_nul(bytes: &[u8]) -> Result<&Self, CStrConvertError> {
+ /// `bytes` is a valid [`CStr`] if:
+ /// * It is not empty,
+ /// * It is zero-terminated,
+ /// * It does not contain any other zero byte.
+ const fn is_valid_cstr(bytes: &[u8]) -> Result<(), CStrConvertError> {
if bytes.is_empty() {
return Err(CStrConvertError::NotNulTerminated);
}
@@ -263,8 +265,31 @@ pub const fn from_bytes_with_nul(bytes: &[u8]) -> Result<&Self, CStrConvertError
}
i += 1;
}
- // SAFETY: We just checked that all properties hold.
- Ok(unsafe { Self::from_bytes_with_nul_unchecked(bytes) })
+
+ Ok(())
+ }
+
+ /// Creates a [`CStr`] from a `[u8]`.
+ ///
+ /// The provided slice must be `NUL`-terminated, does not contain any
+ /// interior `NUL` bytes.
+ pub const fn from_bytes_with_nul(bytes: &[u8]) -> Result<&Self, CStrConvertError> {
+ match Self::is_valid_cstr(bytes) {
+ // SAFETY: We just checked that all properties hold.
+ Ok(()) => Ok(unsafe { Self::from_bytes_with_nul_unchecked(bytes) }),
+ Err(e) => Err(e),
+ }
+ }
+
+ /// Creates a mutable [`CStr`] from a mutable `[u8]`.
+ ///
+ /// The provided slice must be `NUL`-terminated and not contain any interior `NUL` bytes.
+ pub const fn from_bytes_with_nul_mut(bytes: &mut [u8]) -> Result<&mut Self, CStrConvertError> {
+ match Self::is_valid_cstr(bytes) {
+ // SAFETY: We just checked that all properties hold.
+ Ok(()) => Ok(unsafe { Self::from_bytes_with_nul_unchecked_mut(bytes) }),
+ Err(e) => Err(e),
+ }
}
/// Creates a [`CStr`] from a `[u8]` without performing any additional
--
2.49.0
Powered by blists - more mailing lists