Skip to content

std: reject interior NULs in UEFI process::Command argument encoding#603

Open
SebTardif wants to merge 1 commit into
mainfrom
fix-r76-uefi-cmd-args-nul
Open

std: reject interior NULs in UEFI process::Command argument encoding#603
SebTardif wants to merge 1 commit into
mainfrom
fix-r76-uefi-cmd-args-nul

Conversation

@SebTardif

@SebTardif SebTardif commented Jun 24, 2026

Copy link
Copy Markdown
Owner

Fixes #601

Summary

create_args now rejects program/arg OsStrs containing interior wide 0 (same policy as os_string_to_raw / OwnedDevicePath::from_text) and returns io::Result. output() propagates the error before set_args.

Origin

External-input audit (UEFI process spawn / C-style wide strings), SebTardif/rust.

Test plan

  • UEFI-only path; logic mirrors existing UEFI NUL checks in helpers.rs.
  • Normal args without embedded 0 unchanged.

@SebTardif
std: reject interior NULs in UEFI process::Command argument encoding
91f6aa4 
create_args copied program and arg OsStrs into a wide LoadOptions buffer
without rejecting embedded 0 units. UEFI treats these as C-style wide
strings (see os_string_to_raw / OwnedDevicePath::from_text), so an
interior NUL would truncate the command line. Return InvalidInput early.

Signed-off-by: Sebastien Tardif <sebtardif@ncf.ca>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

UEFI process::Command create_args does not reject interior NUL in program/args

1 participant

@SebTardif