Reserve windows crate names. #695

Merged
merged 1 commit into from Apr 30, 2017

Conversation

Projects
None yet
5 participants
Contributor

withoutboats commented Apr 30, 2017

These names will break cargo on windows machines if uploaded to
the registry.

@withoutboats withoutboats Reserve windows crate names.
These names will break cargo on windows machines if uploaded to
the registry.
35cea41
Contributor

withoutboats commented Apr 30, 2017

NOTE: I do not have a working dev environment for crates.io and I have NOT tested these migrations.

withoutboats referenced this pull request in rust-lang/cargo Apr 30, 2017

Closed

Fresh install unable to install anything #3982

Contributor

withoutboats commented Apr 30, 2017

(also I believe crates.io's namespace is case insensitive let me know if that's wrong)

est31 commented Apr 30, 2017

Also worth testing is whether crates.io has name length restrictions, as too long names could trigger similar situations.

carols10cents merged commit f1e4e4d into rust-lang:master Apr 30, 2017

1 check passed

continuous-integration/travis-ci/pr The Travis CI build passed
Details
Owner

carols10cents commented Apr 30, 2017

@est31 while i'm fixing this, could you create an issue to investigate long names?

Owner

carols10cents commented Apr 30, 2017

Staging deploy complete, deploying to production now.

Owner

carols10cents commented Apr 30, 2017

Production deploy done, and crate removed from the index. Please open new issues for any other problems. Thanks!

This is covered by CWE-67 https://cwe.mitre.org/data/definitions/67.html and may need a CVE, I assume private rust repos are a possibility?

Based on https://msdn.microsoft.com/en-us/library/aa578688.aspx you might want to avoid CLOCK$ and drive letters like A: as well.

Various other sources confirm that for instance https://support.microsoft.com/en-us/help/74496/ms-dos-device-driver-names-cannot-be-used-as-file-names

Contributor

withoutboats commented May 14, 2017

@jpluimers crate names cannot contain either $ or :.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment