[pkg-boost-devel] Bug#565504: libboost-filesystem1.40.0: basename function is not compatible with POSIX; potential for path-related security issues

Roger Leigh rleigh at debian.org
Sat Jan 16 13:49:05 UTC 2010


Package: libboost-filesystem1.40.0
Version: 1.40.0-5
Severity: important

The basename function is not compatible with the POSIX function by the
same name:

Path            POSIX           Boost
test.real       test.real       test
/usr/bin/perl   perl            perl
/usr/lib        lib             lib
/usr/           usr
usr             usr             usr
/               /               /
.               .
..              ..              .

The test program is attached.  Just compile with
  g++ -o testbasename -lboost_filesystem testbasename.cc

http://www.opengroup.org/onlinepubs/000095399/functions/basename.html

• It is not stripping trailing backslashes.

• "if ph.leaf() contains a dot ('.'), returns the substring of ph.leaf() starting from beginning and ending at the last dot (the dot is not included). Otherwise, returns ph.leaf()".  This is wrong, shown by the paths returned for "." ("") and ".." (".") above.

The latter could lead to reading and writing using the wrong path,
which could have security issues if used in a secure context.  This
might be justification for raising the severity of this bug.

Looking at the API reference, it looks like extension() and basename()
may be intended to be complementary and are for splitting a filename
into its main part and extension part, *not* the directory and filename
components of a path.  This should probably be explicitly spelled out
due to the dangerous confusion which may result if used inappropriately.
In particular, "." and ".." definitely need special casing--these are
not extension separators and basename should return them intact;
extension() should return an empty string.


I noticed this when converting schroot to use the boost convenience
function instead of my own.  For reference, this is my version:

std::string
sbuild::basename (std::string name,
		  char        separator = '/')
{
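  // Remove trailing separators, but keep a lone separator so that a
  // path made up only of separators still reaches the branch below
  std::string::size_type cur = name.length();
  while (cur > 1 && name[cur - 1] == separator)
    --cur;
  name.resize(cur);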

  // Find last separator
  std::string::size_type pos = name.rfind(separator);

  std::string ret;
  if (pos == std::string::npos)
    ret = name; // No separators
  else if (pos == 0 && name.length() == 1 && name[0] == separator)
    ret = separator; // Only separators
  else
    ret = name.substr(pos + 1); // Basename only

  // Remove any duplicate adjacent path separators
  return remove_duplicates(ret, separator);
}


A POSIX-compatible dirname() function would nicely complement a
POSIX-compatible basename() function as an addition to
boost::filesystem.  It looks like these are orthogonal to the
existing functionality, however.


Regards,
Roger

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (550, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-trunk-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libboost-filesystem1.40.0 depends on:
ii  libboost-system1.40.0         1.40.0-5   Operating system (e.g. diagnostics
ii  libc6                         2.10.2-5   Embedded GNU C Library: Shared lib
ii  libgcc1                       1:4.4.2-9  GCC support library
ii  libstdc++6                    4.4.2-9    The GNU Standard C++ Library v3

libboost-filesystem1.40.0 recommends no packages.

libboost-filesystem1.40.0 suggests no packages.

-- no debconf information
-------------- next part --------------
A non-text attachment was scrubbed...
Name: testbasename.cc
Type: text/x-c
Size: 758 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-boost-devel/attachments/20100116/3675f711/attachment.bin>
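
The table in the report above can be reproduced without Boost. The following is an added example, not the scrubbed testbasename.cc attachment and not Boost or schroot code. posix_basename follows the POSIX rules; stem_style_basename is a model, assumed from the documentation sentence quoted in the report, with a trailing-slash leaf modelled as "." so that it matches the table. All function names are made up for this example.

```cpp
#include <iostream>
#include <string>
#include <vector>

// POSIX basename() semantics, returning a copy instead of editing in place.
std::string posix_basename(std::string p) {
    if (p.empty()) return ".";
    while (p.size() > 1 && p[p.size() - 1] == '/')
        p.erase(p.size() - 1);          // strip trailing slashes, keep a lone "/"
    if (p == "/") return p;             // path consisted only of slashes
    std::string::size_type pos = p.rfind('/');
    return pos == std::string::npos ? p : p.substr(pos + 1);
}

// Model (assumption) of the documented rule: take the leaf, cut at the last dot.
// The leaf of a path with a trailing slash is modelled as ".", which reproduces
// the empty result the table reports for "/usr/".
std::string stem_style_basename(const std::string& p) {
    std::string leaf;
    if (!p.empty() && p.find_first_not_of('/') == std::string::npos)
        leaf = "/";
    else if (!p.empty() && p[p.size() - 1] == '/')
        leaf = ".";
    else {
        std::string::size_type pos = p.rfind('/');
        leaf = pos == std::string::npos ? p : p.substr(pos + 1);
    }
    std::string::size_type dot = leaf.rfind('.');
    return dot == std::string::npos ? leaf : leaf.substr(0, dot);
}

// Paths for which the two interpretations name different things.
std::vector<std::string> mismatches(const std::vector<std::string>& paths) {
    std::vector<std::string> out;
    for (const std::string& s : paths)
        if (posix_basename(s) != stem_style_basename(s))
            out.push_back(s);
    return out;
}

int main() {
    std::vector<std::string> paths = {"test.real", "/usr/bin/perl", "/usr/lib",
                                      "/usr/", "usr", "/", ".", ".."};
    for (const std::string& s : paths)
        std::cout << s << "\t[" << posix_basename(s) << "]\t["
                  << stem_style_basename(s) << "]\n";
    std::cout << mismatches(paths).size() << " of 8 differ\n";
    return 0;
}
```

Running mismatches() over the path components a program actually handles shows where a stem-style result would be joined back into a path as something other than the intended file name.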

