Bidi Trojan Source Linter Bypassed in Format Strings #94945
Assignees
Labels
A-fmt
Area: `core::fmt`
A-lints
Area: Lints (warnings about flaws in source code) such as unused_mut.
A-macros
Area: All kinds of macros (custom derive, macro_rules!, proc macros, ..)
A-security
Area: Security (example: address space layout randomization).
A-Unicode
Area: Unicode
C-bug
Category: This is a bug.
T-compiler
Relevant to the compiler team, which will review and decide on the PR/issue.
Comments
|
This was discussed with the Rust Security Response WG (not just me) and we agreed with making this issue public. |
fmease
added
A-Unicode
fmease
added
A-lints
rust-timer
added a commit
to rust-lang-ci/rust
that referenced
this issue
Dec 31, 2024
Rollup merge of rust-lang#134956 - compiler-errors:format-args-hidden-chars, r=jieyouxu Account for C string literals and `format_args` in `HiddenUnicodeCodepoints` lint This is stacked on rust-lang#134955, and either that can land first or both of them can land together here. I split this out because this is a bit more involved of an impl. Fixes rust-lang#94945
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This relates to the Trojan Source exploit.
I tried this code:
Where RLO are the raw bytes representing "\u202e" (or any of the other forbidden stateful bidi control characters) does not trigger the linter, whereas e.g.:
Does trigger the linter (as it should).
This was seen with:
I discussed this over e-mail with @pietroalbini and he recommended I post this as a regular issue since most editors / code review sites now handle the bidi stateful controls more gracefully than they did when the bidi trojan vulnerability was original disclosed.
The text was updated successfully, but these errors were encountered: