Merge pull request #143 from benhumphreys/harden-null-injection

Add a check for NUL characters in NuProcessBuilder to ensure the arguments provided to the command in code are interpreted consistently when the native process is started.
brettwooldridge · Sep 20, 2022 · 29bc09d · 29bc09d
2 parents 4953d61 + 467b28a
commit 29bc09d
Show file tree

Hide file tree

Showing 2 changed files with 39 additions and 0 deletions.
diff --git a/src/main/java/com/zaxxer/nuprocess/NuProcessBuilder.java b/src/main/java/com/zaxxer/nuprocess/NuProcessBuilder.java
@@ -253,6 +253,7 @@ public void setCwd(Path cwd)
     */
    public NuProcess start()
    {
+      ensureNoNullCharacters(command);
       ensureListener();
       String[] env = prepareEnvironment();
 
@@ -267,6 +268,7 @@ public NuProcess start()
     */
    public void run()
    {
+      ensureNoNullCharacters(command);
       ensureListener();
       String[] env = prepareEnvironment();
 
@@ -280,6 +282,14 @@ private void ensureListener()
       }
    }
 
+   private void ensureNoNullCharacters(List<String> commands) {
+      for (String command : commands) {
+         if (command.indexOf('\u0000') >= 0) {
+            throw new IllegalArgumentException("Commands may not contain null characters");
+         }
+      }
+   }
+
    private String[] prepareEnvironment()
    {
       String[] env = new String[environment.size()];

diff --git a/src/test/java/com/zaxxer/nuprocess/RunTest.java b/src/test/java/com/zaxxer/nuprocess/RunTest.java
@@ -316,6 +316,32 @@ public void softCloseStdinAfterWrite()
       System.err.println("Completed test softCloseStdinAfterWrite()");
    }
 
+   @Test(expected = IllegalArgumentException.class)
+   public void nullCommandViaCommandMutationWithRun() {
+      NuProcessBuilder pb = new NuProcessBuilder(new NullProcessHandler(), command);
+      pb.command().add("--foo\0--bar");
+      pb.run();
+   }
+
+   @Test(expected = IllegalArgumentException.class)
+   public void nullCommandViaCommandMutationWithStart() {
+      NuProcessBuilder pb = new NuProcessBuilder(new NullProcessHandler(), command);
+      pb.command().add("--foo\0--bar");
+      pb.start();
+   }
+
+   @Test(expected = IllegalArgumentException.class)
+   public void nullCommandViaConstructorWithRun() {
+      NuProcessBuilder pb = new NuProcessBuilder(new NullProcessHandler(), command, "--foo\0--bar");
+      pb.run();
+   }
+
+   @Test(expected = IllegalArgumentException.class)
+   public void nullCommandViaConstructorWithStart() {
+      NuProcessBuilder pb = new NuProcessBuilder(new NullProcessHandler(), command, "--foo\0--bar");
+      pb.start();
+   }
+
    private static byte[] getLotsOfBytes()
    {
       StringBuilder sb = new StringBuilder();
@@ -395,6 +421,9 @@ boolean checkAdlers()
       }
    }
 
+   private static class NullProcessHandler extends NuAbstractProcessHandler {
+   }
+
    private static class Utf8DecodingListener extends NuAbstractCharsetHandler
    {
       private final CharBuffer utf8Buffer;