Panic if PathBuf::set_extension would add a path separator

This is likely never intended and potentially a security vulnerability if it happens. I'd guess that it's mostly literal strings that are passed to this function in practice, so I'm guessing this doesn't break anyone. CC #125060
2024-05-13 14:22:45 +02:00 · 2024-05-13 14:22:45 +02:00 · 700b3ea61b
commit 700b3ea61b
parent 6be7b0c7d2
2 changed files with 36 additions and 0 deletions
--- a/library/std/src/path.rs
+++ b/library/std/src/path.rs
@ -1425,6 +1425,11 @@ impl PathBuf {
    /// If `extension` is the empty string, [`self.extension`] will be [`None`]
    /// afterwards, not `Some("")`.
    ///
+    /// # Panics
+    ///
+    /// Panics if the passed extension contains a path separator (see
+    /// [`is_separator`]).
+    ///
    /// # Caveats
    ///
    /// The new `extension` may contain dots and will be used in its entirety,
@ -1470,6 +1475,14 @@ impl PathBuf {
    }

    fn _set_extension(&mut self, extension: &OsStr) -> bool {
+        for &b in extension.as_encoded_bytes() {
+            if b < 128 {
+                if is_separator(b as char) {
+                    panic!("extension cannot contain path separators: {:?}", extension);
+                }
+            }
+        }
+
        let file_stem = match self.file_stem() {
            None => return false,
            Some(f) => f.as_encoded_bytes(),