From f1bab6b74d84b972a9e817e5028b8e438bf5e83d Mon Sep 17 00:00:00 2001
From: dzwdz
Date: Thu, 15 Aug 2024 21:29:54 +0200
Subject: kernel: disallow NUL bytes in paths

---
 man/open.2            | 2 ++
 src/kernel/syscalls.c | 8 ++++++++
 src/libc/fs/misc.c    | 1 -
 3 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/man/open.2 b/man/open.2
index 3cc18b3..2de7abc 100644
--- a/man/open.2
+++ b/man/open.2
@@ -21,6 +21,8 @@ tries to open the file located at
 which is a string of length
 .Fa len ,
 potentially returning a new handle.
+.Fa path
+can't contain any NUL bytes.
 The call will be handled by the most recent mount that contains the given path,
 according to the definition in
 .Xr path 7 .
diff --git a/src/kernel/syscalls.c b/src/kernel/syscalls.c
index e94f886..a6c807c 100644
--- a/src/kernel/syscalls.c
+++ b/src/kernel/syscalls.c
@@ -73,6 +73,14 @@ hid_t _sys_open(const char __user *path, long len, int flags) {
 		goto fail;
 	}
 
+	/* I used to allow NUL in paths. Now I don't, but I want to keep the same
+	 * API -- so let's reject paths with NUL in them. */
+	for (long i = 0; i < len; i++) {
+		if (path_buf[i] == '\0') {
+			goto fail;
+		}
+	}
+
 	len = path_simplify(path_buf, path_buf, len);
 	if (len == 0) goto fail;
 
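Review bot: The NUL scan is open-coded in `_sys_open`, so the guarantee that the TODO removed from src/libc/fs/misc.c asked for holds only for paths entering through this one syscall. If any other syscall copies a path from userspace (none is visible in this patch), it needs the same rejection, ideally through one shared helper called right after the copy. Scanning `path_buf` rather than `path` is the right choice, assuming `path_buf` is the kernel-side copy made above the hunk, because userspace then cannot change the bytes after they are validated. The comment would serve the next reader better by stating the invariant instead of the history, e.g. `/* Paths carry an explicit length, but ufs_wait NUL-terminates them for servers; reject embedded NULs so the kernel and the server see the same path. */`. The function body starts and ends outside the hunk, so whether a negative `len` is rejected before the loop and which error `fail` returns cannot be confirmed from here.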
diff --git a/src/libc/fs/misc.c b/src/libc/fs/misc.c
index d7013e8..67277bf 100644
--- a/src/libc/fs/misc.c
+++ b/src/libc/fs/misc.c
@@ -147,7 +147,6 @@ hid_t ufs_wait(char *buf, size_t len, struct ufs_request *req) {
 				continue;
 			}
 			buf[req->len] = '\0';
-			// TODO ensure passed paths don't have null bytes in them in the kernel
 		}
 		break;
 	}
-- 
cgit v1.2.3