Rollup merge of #72888 - poliorcetics:improve-read_line-read_until-doc, r=Dylan-DPC

Add a warning about infinite reading in read_(until|line)

Fix for #48788.

This PR adds a warning to [`BufRead::read_line`](https://doc.rust-lang.org/stable/std/io/trait.BufRead.html#method.read_line) and [`BufRead::read_until`](https://doc.rust-lang.org/stable/std/io/trait.BufRead.html#method.read_until) about the possibility of an attack using the behaviour of these functions.

I did not mention a possible fix (using [`Read::take`](https://doc.rust-lang.org/stable/std/io/trait.Read.html#method.take)), should I?
Dylan DPC 2020-06-02 18:29:59 +02:00 committed by GitHub
commit 9763e0c089
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
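
The `Read::take` mitigation mentioned in the PR description, shown as an added example that is not part of this commit or of the standard library. `read_line_bounded`, `MAX_LINE` and the sample inputs are hypothetical names and constructed values chosen for illustration.

```rust
use std::io::{self, BufRead, BufReader, Cursor, Read};

/// Assumed per-line budget for this example; pick one that fits your protocol.
const MAX_LINE: u64 = 1024;

/// Hypothetical helper: read one line, but never buffer more than `max` bytes.
/// Returns Ok(None) at EOF and an InvalidData error when the limit is hit
/// before a newline was seen. `max` must be greater than zero.
fn read_line_bounded<R: BufRead>(reader: &mut R, max: u64) -> io::Result<Option<String>> {
    let mut line = String::new();
    // `take` wraps a reborrow of the reader, so bytes past the limit stay in
    // the underlying reader and the caller decides whether to drop the peer.
    let n = reader.by_ref().take(max).read_line(&mut line)?;
    if n == 0 {
        return Ok(None); // clean EOF
    }
    if !line.ends_with('\n') && n as u64 >= max {
        // Budget exhausted without a delimiter: treat as hostile or malformed.
        return Err(io::Error::new(io::ErrorKind::InvalidData, "line exceeds limit"));
    }
    Ok(Some(line))
}

fn main() -> io::Result<()> {
    // Constructed input: a well-behaved peer that terminates its line.
    let mut peer = Cursor::new(b"GET / HTTP/1.1\n".to_vec());
    println!("{:?}", read_line_bounded(&mut peer, MAX_LINE)?);

    // Constructed input: an endless stream that never sends '\n' or EOF.
    let mut flood = BufReader::new(io::repeat(b'A'));
    let outcome = read_line_bounded(&mut flood, MAX_LINE).map_err(|e| e.kind());
    println!("{:?}", outcome);
    Ok(())
}
```

`take` bounds how much memory one call can consume, not how long it blocks; a peer that stalls mid-line still needs a read timeout on the underlying socket.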

@ -1883,6 +1883,10 @@ pub trait BufRead: Read {
///
/// If successful, this function will return the total number of bytes read.
///
/// This function is blocking and should be used carefully: it is possible for
/// an attacker to continuously send bytes without ever sending the delimiter
/// or EOF.
///
/// # Errors
///
/// This function will ignore all instances of [`ErrorKind::Interrupted`] and
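Review bot: The paragraph added to `read_until` ("This function is blocking and should be used carefully") names the attacker behaviour but not its consequence or a remedy. Since `read_until` appends everything it reads to `buf`, a peer that never sends the delimiter or EOF makes the buffer grow without limit while the call blocks; saying so, and pointing to `Read::take` as a way to cap the bytes consumed, would let a reader act on the warning. "should be used carefully" on its own gives no guidance.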
@ -1945,6 +1949,10 @@ pub trait BufRead: Read {
///
/// If this function returns `Ok(0)`, the stream has reached EOF.
///
/// This function is blocking and should be used carefully: it is possible for
/// an attacker to continuously send bytes without ever sending a newline
/// or EOF.
///
/// # Errors
///
/// This function has the same error semantics as [`read_until`] and will
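Review bot: The warning added to `read_line` repeats the `read_until` paragraph almost word for word, differing only in "a newline" versus "the delimiter". The context line that follows already defers to [`read_until`] for error semantics, so a short cross-reference to the `read_until` warning would keep the two from drifting apart; if the text stays duplicated, any mitigation wording (for example a mention of `Read::take`) should be added in both places.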