refactor idea: strings that are both str and CStr #748
Comments
Note that as presented here, I would go for the second approach, but also consider using a version without any

I like this idea and I think we should implement it, I don't have a strong opinion about either implementation so I'd check how often would we call

Is this related to #213? Does it subsume it?

I think this issue is a particular subset of #213 as the latter also discuss things like
these are versions of libstd's String and PathBuf that contain no null bytes and thus can be easily converted into CStr. SudoPath has the additional invariant that it is UTF-8 encoded. SudoPath is used to represent CHDIR which appears in the sudoers file. sudo-rs only accepts UTF-8 encoded sudoers files. closes #748

these are versions of libstd's String and PathBuf that contain no null bytes and thus can be easily converted into CStr. SudoPath has the additional invariant that it is UTF-8 encoded. SudoPath is used to represent CWD which appears in the sudoers file. sudo-rs only accepts UTF-8 encoded sudoers files. closes #748
there are a few places in the codebase where Rust `str`ings are converted into `CStr` prior to calling libc functions (example below). The conversion is runtime checked because `str` can contain null bytes whereas `CStr` cannot.

Some of the `str`ings subjected to these conversions cannot contain null bytes because, e.g., they come from the command line interface and due to the way `exec*` functions work command line arguments cannot contain null bytes.

So one could envision a newtype that allows infallible conversion to both `str` and `CStr`. This could be used for example in the `User` struct: sudo-rs/src/system/mod.rs, line 260 in 9a7f38f

The goal would be to push the runtime check / validation towards the "edge" of sudo-rs, e.g. where CLI parsing happens, and then avoid further runtime checks in the rest of the pipeline.

Alternatively, one could push a null byte into the `str` when creating a `SudoString` to reduce allocations -- at the cost of adding more `unsafe` blocks.
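A sketch of the second approach from the issue body (validate once at the edge, keep a trailing null byte in the buffer so both views are infallible and allocation-free), added here as an example; it is not sudo-rs code, and the names `SudoString` and `NulError` are assumptions. It relies on the stored invariant and the checked `CStr::from_bytes_with_nul` instead of an `unsafe` block, trading the `unsafe` for a cheap scan.

```rust
use std::ffi::CStr;

/// Hypothetical newtype (not sudo-rs code): an owned UTF-8 string that is
/// guaranteed to hold no interior NUL byte. The backing `String` ends with a
/// single terminating NUL so that `as_cstr` never has to allocate or fail.
#[derive(Clone, Debug, PartialEq, Eq, Hash)]
pub struct SudoString(String);

/// Returned when the input contains a NUL byte at `position`.
#[derive(Debug, PartialEq, Eq)]
pub struct NulError {
    pub position: usize,
}

impl SudoString {
    /// The single runtime check, meant to run at the "edge" (e.g. CLI parsing).
    /// Everything downstream can then use `as_str`/`as_cstr` without re-checking.
    pub fn new(s: impl Into<String>) -> Result<Self, NulError> {
        let mut s = s.into();
        if let Some(position) = s.bytes().position(|b| b == 0) {
            return Err(NulError { position });
        }
        // Invariant established: no interior NUL, exactly one trailing NUL.
        s.push('\0');
        Ok(SudoString(s))
    }

    /// Infallible `&str` view, excluding the terminator.
    pub fn as_str(&self) -> &str {
        &self.0[..self.0.len() - 1]
    }

    /// Infallible `&CStr` view, ready to hand to libc. The invariant from
    /// `new` guarantees the checked constructor cannot fail here.
    pub fn as_cstr(&self) -> &CStr {
        CStr::from_bytes_with_nul(self.0.as_bytes())
            .expect("SudoString invariant violated: interior or missing NUL")
    }

    /// Length of the logical string, without the terminator.
    pub fn len(&self) -> usize {
        self.0.len() - 1
    }
}
```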