These reviews are from cargo-vet. To add your review, set up cargo-vet
and submit your URL to its registry.
0.3.0 (current)
From kornelski/crev-proofs copy of salsa.debian.org.
Packaged for Debian (stable). Changelog:
- Package const-cstr 0.3.0 from crates.io using debcargo 2.5.0
0.3.0 (current)
From kornelski/crev-proofs copy of git.savannah.gnu.org.
Packaged for Guix (crates-io)
cargo-vet does not verify reviewers' identity. You have to fully trust the source the audits are from.
- unknown
-
May have been packaged automatically without a review
- safe-to-run
-
This crate can be compiled, run, and tested on a local workstation or in controlled automation without surprising consequences. More…
Crates in the crates.io registry are tarball snapshots uploaded by crates' publishers. The registry is not using crates' git repositories. There is absolutely no guarantee that the repository URL declared by the crate belongs to the crate, or that the code in the repository is the code inside the published tarball.
To review the actual code of the crate, it's best to use cargo crev open const-cstr
. Alternatively, you can download the tarball of const-cstr v0.3.0 or view the source online.
Last release was about five years ago.
The maintainer(s) have been unreachable to respond to any issues that may or may not include security issues.
The repository is now archived and there is no security policy in place to contact the maintainer(s) otherwise.
No direct fork exist.
const-cstr is Unsound
The crate violates the safety contract of ffi::CStr::from_bytes_with_nul_unchecked used in
ConstCStr::as_cstr
No interior nul bytes checking is done either by the constructor or the canonical macro to create the
ConstCStr
const-cstr Panic
Additionally the crate may cause runtime panics if statically compiled and ran with any untrusted data that is not nul-terminated.
This is however unlikely but the the crate should not be used for untrusted data in context where panic may create a DoS vector.
Possible Alternatives
The below may or may not provide alternative(s)