informationsea / xlsxwriter-rs

Excel file writer for Rust
https://crates.io/crates/xlsxwriter
Apache License 2.0
266 stars 47 forks

[security] write_string panics upon null byte injection attempts #38

Closed ghost closed 2 years ago

ghost commented 2 years ago

I noticed write_string and potentially other public interfaces panic upon nul byte input.

I have recreated in a test here: https://github.com/informationsea/xlsxwriter-rs/blob/30a7d93cc3d8a50a07399420b45b76c4bfd2ffb2/libxlsxwriter/src/test.rs#L38-L45

How would you like to resolve this? I'm happy to add defensive programming or improve the block so we can handle it should CString error.

I believe the affected code is here: https://github.com/informationsea/xlsxwriter-rs/blob/4ca83f1eb6009687366742227a5b607c5eaeeaac/libxlsxwriter/src/worksheet/mod.rs#L419-L440

helpful links

informationsea commented 2 years ago

I fixed this problem at 9e68136. Now xlsxwriter-rs will not panic when null bytes are included in &str. Thank you for your report.
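
The standard library's `CString::new` returns `Err(NulError)` when its input contains an interior NUL byte, so unwrapping that result on caller-supplied text turns hostile input into a panic. The block below is an added example, not code from xlsxwriter-rs and not a reproduction of the fix in 9e68136; it shows the panicking pattern beside two ways to handle the error. All function names are hypothetical, and the assumption that the panic came from an unwrapped conversion is ours, since the linked code is not shown on this page.

```rust
use std::ffi::{CString, NulError};

/// Hypothetical wrapper that unwraps the conversion: it panics as soon as
/// `text` contains an interior NUL byte (assumed pattern, not the crate's code).
fn to_c_string_unchecked(text: &str) -> CString {
    CString::new(text).unwrap()
}

/// Strict handling: surface the error so the caller decides what to do.
/// `NulError::nul_position()` reports the offset of the offending byte.
fn to_c_string_checked(text: &str) -> Result<CString, NulError> {
    CString::new(text)
}

/// Lossy handling: keep only the bytes before the first NUL, which is all a
/// C consumer of the string would read anyway. Data after the NUL is dropped
/// silently, so log or reject instead when integrity matters.
fn to_c_string_truncated(text: &str) -> CString {
    // 0x00 never occurs inside a multi-byte UTF-8 sequence, so `end` is
    // always a valid char boundary for slicing.
    let end = text.bytes().position(|b| b == 0).unwrap_or(text.len());
    CString::new(&text[..end]).expect("no NUL byte remains before `end`")
}

fn main() {
    let input = "bad\0cell"; // constructed sample input

    match to_c_string_checked(input) {
        Ok(c) => println!("accepted: {:?}", c),
        Err(e) => println!("rejected: NUL at byte {}", e.nul_position()),
    }

    println!("truncated: {:?}", to_c_string_truncated(input));

    // Demonstrate the failure mode without aborting the program.
    let panicked = std::panic::catch_unwind(|| to_c_string_unchecked(input)).is_err();
    println!("unchecked variant panicked: {}", panicked);
}
```
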