| author | Joakim Hulthe <joakim.hulthe@mullvad.net> | 2025-02-13 18:39:52 +0100 |
|---|---|---|
| committer | Joakim Hulthe <joakim.hulthe@mullvad.net> | 2025-02-25 13:43:53 +0100 |
| commit | b899e4b0cda73cca24dc22c8396d72b1cc39dc6c (patch) | |
| tree | ac54e67c63c404f7d30829cc08c332e7ab1fe21c | |
| parent | 0cce552a63620ca316a21ee29abcb9f0ab23cf52 (diff) | |
| download | mullvadvpn-b899e4b0cda73cca24dc22c8396d72b1cc39dc6c.tar.xz mullvadvpn-b899e4b0cda73cca24dc22c8396d72b1cc39dc6c.zip | |
Fix improper pointer provenance
`&mut buffer[0] as *mut u8` will create a raw pointer that is only
allowed to access the very first byte of `buffer`. `slice::as_mut_ptr`
is preferred.
| -rw-r--r-- | talpid-core/src/dns/windows/tcpip.rs | 8 | ||||
| -rw-r--r-- | talpid-openvpn/src/wintun.rs | 7 | ||||
| -rw-r--r-- | talpid-windows/src/net.rs | 4 |
3 files changed, 12 insertions, 7 deletions
diff --git a/talpid-core/src/dns/windows/tcpip.rs b/talpid-core/src/dns/windows/tcpip.rs
index 70bb4660d6..3e0a8ea6e1 100644
--- a/talpid-core/src/dns/windows/tcpip.rs
+++ b/talpid-core/src/dns/windows/tcpip.rs
@@ -164,8 +164,12 @@ fn flush_dns_cache() -> Result<(), Error> {
 /// Obtain a string representation for a GUID object.
 fn string_from_guid(guid: &GUID) -> String {
 let mut buffer = [0u16; 40];
- let length = unsafe { StringFromGUID2(guid, &mut buffer[0] as *mut _, buffer.len() as i32 - 1) }
- as usize;
+
+ let length =
+ // SAFETY: `guid` and `buffer` are valid references.
+ // StringFromGUID2 won't write past the end of the provided length.
+ unsafe { StringFromGUID2(guid, buffer.as_mut_ptr(), buffer.len() as i32 - 1) } as usize;
+
 // cannot fail because `buffer` is large enough
 assert!(length > 0);
 let length = length - 1;
diff --git a/talpid-openvpn/src/wintun.rs b/talpid-openvpn/src/wintun.rs
index 21c81e0161..ef5ebd5482 100644
--- a/talpid-openvpn/src/wintun.rs
+++ b/talpid-openvpn/src/wintun.rs
@@ -349,8 +349,11 @@ fn find_adapter_registry_key(find_guid: &str, permissions: REG_SAM_FLAGS) -> io:
 /// Obtain a string representation for a GUID object.
 fn string_from_guid(guid: &GUID) -> String {
 let mut buffer = [0u16; 40];
- let length = unsafe { StringFromGUID2(guid, &mut buffer[0] as *mut _, buffer.len() as i32 - 1) }
- as usize;
+
+ // SAFETY: `guid` and `buffer` are valid references.
+ let length =
+ unsafe { StringFromGUID2(guid, buffer.as_mut_ptr(), buffer.len() as i32 - 1) } as usize;
+
 // cannot fail because `buffer` is large enough
 assert!(length > 0);
 let length = length - 1;
diff --git a/talpid-windows/src/net.rs b/talpid-windows/src/net.rs
index a15a2a82db..33c79e1a9d 100644
--- a/talpid-windows/src/net.rs
+++ b/talpid-windows/src/net.rs
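Review bot: The SAFETY comments on the two copies of `string_from_guid` have diverged. The one in talpid-core/src/dns/windows/tcpip.rs records that StringFromGUID2 stays within the length it is given, while the identical call in talpid-openvpn/src/wintun.rs only says the references are valid, which is not the property that keeps the write inside `buffer`. Both should carry the full invariant, for example `// SAFETY: guid is a valid reference; buffer holds buffer.len() u16s and StringFromGUID2 writes at most the buffer.len() - 1 characters it is told about.` Placing the comment above `let length =` in tcpip.rs, as wintun.rs already does, would also avoid splitting the statement. Both function bodies continue past the end of their hunks.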
@@ -393,9 +393,7 @@ pub fn luid_from_alias<T: AsRef<OsStr>>(alias: T) -> io::Result<NET_LUID_LH> {
 /// Returns the alias of an interface given its LUID.
 pub fn alias_from_luid(luid: &NET_LUID_LH) -> io::Result<OsString> {
 let mut buffer = [0u16; IF_MAX_STRING_SIZE as usize + 1];
- win32_err!(unsafe {
- ConvertInterfaceLuidToAlias(luid, &mut buffer[0] as *mut _, buffer.len())
- })?;
+ win32_err!(unsafe { ConvertInterfaceLuidToAlias(luid, buffer.as_mut_ptr(), buffer.len()) })?;
 let nul = buffer.iter().position(|&c| c == 0u16).unwrap();
 Ok(OsString::from_wide(&buffer[0..nul]))
 } |
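Review bot: The rewritten `unsafe` call in `alias_from_luid` has no SAFETY comment, although the other two call sites touched by this commit gained one. The invariant worth recording is that the length argument is the real capacity of the buffer the pointer refers to, e.g. `// SAFETY: luid is a valid reference and buffer.len() is the capacity of buffer in u16s, so the call cannot write past its end.` Stating it here also documents why the later `position(..).unwrap()` is expected to find a terminator, which currently relies on the API's success contract rather than on anything written in the code.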
