Handle win32 separator for cygwin paths #141864
Conversation
rustbot
added
S-waiting-on-review
This comment has been minimized.
This comment has been minimized.
There was a problem hiding this comment.
Here I just use
cygwin_conv_pathbecause it handles both cygwin and win32 paths correctly and convert them into absolute POSIX paths.
I was going to raise the issue of encoding, but looking at the code it doesn't seem to deal with WIN_A as a different encoding than POSIX paths, so I guess that's not an issue. I guess I need to have a conversation on the Cygwin list to better understand this.
|
Finally I reuse the prefix parser from Windows. Now the cygwin use std::path::{absolute, Path};
fn main() {
test_path("C:\\msys64");
test_path("/dev/sda1");
test_path("./sda1");
test_path("/c/Users");
test_path("\\\\?\\UNC/localhost/share");
}
fn test_path(p: impl AsRef<Path>) {
let p = p.as_ref();
let abs = absolute(p).unwrap();
if p.is_absolute() {
println!("{} == {}", p.display(), abs.display());
} else {
println!("{} -> {}", p.display(), abs.display());
}
println!("{:?}", p.components().collect::<Vec<_>>());
}On Windows, it should output (the current drive is While on Cygwin, it should output |
Actually rust doesn't handle very well for non-UTF-8 encoding on Unix. |
|
OK, seems that the command line is converted from UTF-16: https://github.com/cygwin/cygwin/blob/972872c0d396dbf0ce296b8280cee08ce7727b51/winsup/cygwin/dcrt0.cc#L902 And stdin handles the encoding conversion: https://github.com/cygwin/cygwin/blob/972872c0d396dbf0ce296b8280cee08ce7727b51/winsup/cygwin/fhandler/pty.cc#L3935 So I think all inputs are UTF-8 for a Cygwin program, and the developers could not construct a non-UTF-8 Win32 path if they aren't aware of encodings. If they are, they should know that Rust codes are UTF-8:) |
|
Now I'm a little worried about |
|
This was originally reported by @Ry0taK through Rust's security disclosure process, and since this affects a still-in-development tier 3 target (with very few users right now) we agreed to let the development of the fix happen in the open. |
|
This change is T-libs area, so it will require their review. r? rust-lang/libs I'm not familiar with Cygwin API at all, but I see what you want to achieve here, and I think it's sensible.
They wouldn't want to break that API as a normal release, right? I'd expected a documented API to remain backwards compatible. @pietroalbini I'm out of the loop, could you shed some light on your comment? |
|
Also, there is a typo in both the title and the first commit 😉 |
Berrysoft
changed the title
Cygwin's encoding may not always be UTF-8 - one can set the locale environment variables like they can on Unix to set the encoding, and then the conversions of paths and terminal input will use that encoding instead of UTF-8. |
|
In such locale, Rust doesn't even work on Linux. That's fair:) |
@mati865 this was originally reported to security@rust-lang.org as it could defeat path traversal mitigations like this: if p.components().into_iter().any(|x| x == Component::ParentDir) {
panic!("path traversal");
}By only parsing unix-like paths, it would be possible to sneak in a path traversal using win32 paths. Given the current status of the target we agreed it would be ok to develop the fix in the open. |
|
@tgross35 ping? |
@Berrysoft could you add a regression test to this effect that fails without this change? Probably in |
Berrysoft
force-pushed
the
cygwin-path
branch
2 times, most recently
from
a15c379 to
b6ad7ff
Compare
|
Should there be some testing of |
rustbot
added
the
S-waiting-on-review
|
@bors r=ChrisDenton |
bors
added
S-waiting-on-bors
Handle win32 separator for cygwin paths This PR handles a issue that cygwin actually supports Win32 path, so we need to handle the Win32 prefix and separaters. r? ``@mati865`` cc ``@jeremyd2019`` ~~Not sure if I should handle the prefix like the windows target... Cygwin *does* support win32 paths directly going through the APIs, but I think it's not the recommended way.~~ Here I just use `cygwin_conv_path` because it handles both cygwin and win32 paths correctly and convert them into absolute POSIX paths. UPDATE: Windows path prefix is handled.
Rollup of 11 pull requests Successful merges: - #140809 (Reduce special casing for the panic runtime) - #141608 (Add support for repetition to `proc_macro::quote`) - #141864 (Handle win32 separator for cygwin paths) - #142216 (Miscellaneous RefCell cleanups) - #142517 (Windows: Use anonymous pipes in Command) - #142570 (Reject union default field values) - #142584 (Handle same-crate macro for borrowck semicolon suggestion) - #142585 (Update books) - #142586 (Fold unnecessary `visit_struct_field_def` in AstValidator) - #142595 (Revert overeager warning for misuse of `--print native-static-libs`) - #142598 (Set elf e_flags on ppc64 targets according to abi) r? `@ghost` `@rustbot` modify labels: rollup
Handle win32 separator for cygwin paths This PR handles a issue that cygwin actually supports Win32 path, so we need to handle the Win32 prefix and separaters. r? ```@mati865``` cc ```@jeremyd2019``` ~~Not sure if I should handle the prefix like the windows target... Cygwin *does* support win32 paths directly going through the APIs, but I think it's not the recommended way.~~ Here I just use `cygwin_conv_path` because it handles both cygwin and win32 paths correctly and convert them into absolute POSIX paths. UPDATE: Windows path prefix is handled.
Handle win32 separator for cygwin paths This PR handles a issue that cygwin actually supports Win32 path, so we need to handle the Win32 prefix and separaters. r? ````@mati865```` cc ````@jeremyd2019```` ~~Not sure if I should handle the prefix like the windows target... Cygwin *does* support win32 paths directly going through the APIs, but I think it's not the recommended way.~~ Here I just use `cygwin_conv_path` because it handles both cygwin and win32 paths correctly and convert them into absolute POSIX paths. UPDATE: Windows path prefix is handled.
Rollup of 10 pull requests Successful merges: - #135656 (Add `-Z hint-mostly-unused` to tell rustc that most of a crate will go unused) - #138237 (Get rid of `EscapeDebugInner`.) - #140772 ({aarch64,x86_64}-pc-windows-gnullvm: build host tools) - #140774 (Affirm `-Cforce-frame-pointers=off` does not override) - #141610 (Stabilize `feature(generic_arg_infer)`) - #141864 (Handle win32 separator for cygwin paths) - #142384 (Bringing `rustc_rayon_core` in tree as `rustc_thread_pool`) - #142502 (rustdoc_json: improve handling of generic args) - #142571 (Reason about borrowed classes in CopyProp.) - #142591 (Add spawn APIs for BootstrapCommand to support deferred command execution) r? `@ghost` `@rustbot` modify labels: rollup
|
Will this PR catch up 1.89?😢 |
|
It should make it for 1.89 considering the state of the queue: https://bors.rust-lang.org/queue/rust
Even though this is tier 3 target, maybe this security fix should warrant a priority bump? |
|
Yes, I would like a priority bump if possible:) |
|
@bors p=10 Security fix. |
|
I'm not against prioritising this but does it actually matter if it is merged after the beta branches? It's a tier 3 target so it's not something we build or distribute with our releases. |
|
I assume people will want to still use it from source. Given that it's a security fix I'd like to err on the side of caution. |
|
TBH, I was a bit surprised tier 3 target got this treatment, but since we are there already, I think it would be sensible to get to the finish line.
Downstreams can distribute it, though. Some of them could be unhappy if a known security vulnerability wasn't either fixed or at least mentioned (so they can backport the fix themselves). |
|
☀️ Test successful - checks-actions |
What is this?This is an experimental post-merge analysis report that shows differences in test outcomes between the merged PR and its parent PR.Comparing 2fcf177 (parent) -> 8de4c72 (this PR) Test differencesShow 102 test diffs102 doctest diffs were found. These are ignored, as they are noisy. Test dashboardRun cargo run --manifest-path src/ci/citool/Cargo.toml -- \
test-dashboard 8de4c7234dd9b97c9d76b58671343fdbbc9a433e --output-dir test-dashboardAnd then open Job duration changes
How to interpret the job duration changes?Job durations can vary a lot, based on the actual runner instance |
Handle win32 separator for cygwin paths This PR handles a issue that cygwin actually supports Win32 path, so we need to handle the Win32 prefix and separaters. r? `@mati865` cc `@jeremyd2019` ~~Not sure if I should handle the prefix like the windows target... Cygwin *does* support win32 paths directly going through the APIs, but I think it's not the recommended way.~~ Here I just use `cygwin_conv_path` because it handles both cygwin and win32 paths correctly and convert them into absolute POSIX paths. UPDATE: Windows path prefix is handled.
|
Finished benchmarking commit (8de4c72): comparison URL. Overall result: ✅ improvements - no action needed@rustbot label: -perf-regression Instruction countOur most reliable metric. Used to determine the overall result above. However, even this metric can be noisy.
Max RSS (memory usage)Results (secondary -4.1%)A less reliable metric. May be of interest, but not used to determine the overall result above.
CyclesResults (primary -1.9%, secondary 4.6%)A less reliable metric. May be of interest, but not used to determine the overall result above.
Binary sizeThis benchmark run did not return any relevant results for this metric. Bootstrap: 692.244s -> 691.904s (-0.05%) |
This PR handles a issue that cygwin actually supports Win32 path, so we need to handle the Win32 prefix and separaters.
r? @mati865
cc @jeremyd2019
Not sure if I should handle the prefix like the windows target... Cygwin does support win32 paths directly going through the APIs, but I think it's not the recommended way.Here I just use
cygwin_conv_pathbecause it handles both cygwin and win32 paths correctly and convert them into absolute POSIX paths.UPDATE: Windows path prefix is handled.