Unsoundness in "string_from_c_char"

[lwz23]

Describe the bug
The string_from_c_char functions use CStr::from_ptr to convert a raw pointer (*const c_char) into a CStr. However, the functions do not validate that the pointer meets the necessary safety requirements. This may lead to Undefined Behavior (UB) if the pointer is invalid, null, or if the data it references is not null-terminated.

phala-blockchain/standalone/prouter/src/i2pd.rs

Line 56 in 6877d14

let c_str = unsafe { CStr::from_ptr(c_char) };

pub fn string_from_c_char(c_char: *const c_char) -> Result<String> {
    let c_str = unsafe { CStr::from_ptr(c_char) };
    Ok(c_str.to_str()?.to_owned())
}

Expected behavior
The functions should validate the input pointer to ensure that:
It is not null.
It points to valid memory.
It references a null-terminated C string.
The functions should gracefully handle invalid inputs by returning an appropriate error instead of invoking Undefined Behavior.
Additional context
Expected behavior includes:
Validating the raw pointer before dereferencing it.
Ensuring the memory it points to is a valid, null-terminated C string.

[lwz23]

ping?

[kvinwang]

@lwz23 Thank you for the discovery. However, the prouter component has ceased development and has never been integrated in any product. We plan to remove it from this repository.

[lwz23]

Ok, thanks for your reply :)