Assert validity on the raw socket in SockRef::from

Thomasdezeeuw · Thomasdezeeuw · commit f32461a336cc · 2021-07-28T18:56:26.000+02:00
Since we now use the niche feature on Unix it's unsound to use SockRef::from(-1), but it can be done without any unsafe. This change adds an assertion to ensure we hit this soundness issue. Still need to wait on the I/O safety RFC: https://github.com/rust-lang/rfcs/blob/master/text/3128-io-safety.md Tracking issue: rust-lang/rust#87074 Implementation pr: rust-lang/rust#87329
diff --git a/src/sockref.rs b/src/sockref.rs
@@ -109,8 +109,10 @@ where
 {
     /// The caller must ensure `S` is actually a socket.
     fn from(socket: &'s S) -> Self {
+        let fd = socket.as_raw_fd();
+        assert!(fd >= 0);
         SockRef {
-            socket: ManuallyDrop::new(unsafe { Socket::from_raw_fd(socket.as_raw_fd()) }),
+            socket: ManuallyDrop::new(unsafe { Socket::from_raw_fd(fd) }),
             _lifetime: PhantomData,
         }
     }
@@ -125,8 +127,10 @@ where
 {
     /// See the `From<&impl AsRawFd>` implementation.
     fn from(socket: &'s S) -> Self {
+        let socket = socket.as_raw_socket();
+        assert!(socket != winapi::um::winsock2::INVALID_SOCKET as _);
         SockRef {
-            socket: ManuallyDrop::new(unsafe { Socket::from_raw_socket(socket.as_raw_socket()) }),
+            socket: ManuallyDrop::new(unsafe { Socket::from_raw_socket(socket) }),
             _lifetime: PhantomData,
         }
     }
@@ -141,3 +145,11 @@ impl fmt::Debug for SockRef<'_> {
             .finish()
     }
 }
+
+#[test]
+#[should_panic]
+#[cfg(unix)]
+fn sockref_from_invalid_fd() {
+    let raw: std::os::unix::io::RawFd = -1;
+    let _ = SockRef::from(&raw);
+}

Original file line number	Diff line number	Diff line change
`@@ -109,8 +109,10 @@ where`
`109`	`109`	`{`
`110`	`110`	/// The caller must ensure `S` is actually a socket.
`111`	`111`	`fn from(socket: &'s S) -> Self {`
	`112`	`+ let fd = socket.as_raw_fd();`
	`113`	`+ assert!(fd >= 0);`
`112`	`114`	`SockRef {`
`113`		`- socket: ManuallyDrop::new(unsafe { Socket::from_raw_fd(socket.as_raw_fd()) }),`
	`115`	`+ socket: ManuallyDrop::new(unsafe { Socket::from_raw_fd(fd) }),`
`114`	`116`	`_lifetime: PhantomData,`
`115`	`117`	`}`
`116`	`118`	`}`
`@@ -125,8 +127,10 @@ where`
`125`	`127`	`{`
`126`	`128`	/// See the `From<&impl AsRawFd>` implementation.
`127`	`129`	`fn from(socket: &'s S) -> Self {`
	`130`	`+ let socket = socket.as_raw_socket();`
	`131`	`+ assert!(socket != winapi::um::winsock2::INVALID_SOCKET as _);`
`128`	`132`	`SockRef {`
`129`		`- socket: ManuallyDrop::new(unsafe { Socket::from_raw_socket(socket.as_raw_socket()) }),`
	`133`	`+ socket: ManuallyDrop::new(unsafe { Socket::from_raw_socket(socket) }),`
`130`	`134`	`_lifetime: PhantomData,`
`131`	`135`	`}`
`132`	`136`	`}`
`@@ -141,3 +145,11 @@ impl fmt::Debug for SockRef<'_> {`
`141`	`145`	`.finish()`
`142`	`146`	`}`
`143`	`147`	`}`
	`148`	`+`
	`149`	`+#[test]`
	`150`	`+#[should_panic]`
	`151`	`+#[cfg(unix)]`
	`152`	`+fn sockref_from_invalid_fd() {`
	`153`	`+ let raw: std::os::unix::io::RawFd = -1;`
	`154`	`+ let _ = SockRef::from(&raw);`
	`155`	`+}`