Cryptographically verifiable, distributed dependency reviews
Add the last reviewed version to Cargo.toml / [dependencies]:
unix_socket = "0.5.0"
© bestia.dev 2023, MIT License, Version: 2023.608.1636
Open source repository for this web app: https://github.com/bestia-dev/cargo_crev_web/
Disclaimer: as far as syscall usage is concerned, this review considers only the behavior on Linux.
Cons
- Uses `unsafe`; that is not really avoidable when working closely with C APIs though.
- Some misuse is possible, e.g. calling `shutdown()` twice on one socket. The result is handled safely though even under programmer errors.
- Uses the to-be-deprecated `try!()` macro and thus may not build with a future version of Rust.

Pros
- `unsafe` is never gratuitous.
- Safe argument handling is enforced at the type level.
lib.rs

general considerations
- C return values are mapped to `io::Result`.
- `unsafe` blocks use safe lower level constructs.

unsafe code
There is only one source file, `lib.rs`, so all uses of "unsafe" are found there.
- `fn sun_path_offset()`: calculates the offset of a struct member using pointer arithmetic. Circumnavigates possible UB (cf. https://internals.rust-lang.org/t/9273/127); `offsetof()` is still an unsolved problem in Rust.
- `impl Drop for Inner`: obligatory dtor.
- `fn Inner::new()`: wraps `socket(2)`; return value handled ok.
- `fn Inner::new_pair()`: wraps `socketpair(2)`; return value handled ok; out parameter handled correctly.
- `fn Inner::try_clone()`: wraps `dup(2)`; return value handled ok.
- `fn Inner::shutdown()`: wraps `shutdown(2)`; return value handled ok; API safe by accepting an enum wrapper over the `int how` argument.
- `fn Inner::timeout()`: wraps `getsockopt(2)`; return value handled ok; out parameter (`struct timeval`) handled ok.
- `fn Inner::set_timeout()`: wraps `setsockopt(2)`; return value handled ok; correct input validation, catching out of range values for the `time_t` argument using saturating arithmetic.
- ± `fn Inner::set_nonblocking()`: wraps `ioctl(2)` with `FIONBIO`; return value handled ok. Why not use `fcntl(2)` with `O_NONBLOCK` instead? Probably to save one syscall (`fcntl` needs an `F_GETFL` followed by an `F_SETFL`)? This warrants an explanatory comment.
- `fn Inner::take_error()`: wraps `getsockopt(2)`; return value handled ok; out parameter ok.
- `unsafe fn sockaddr_un()`: initializes a `struct sockaddr_un`; inputs validated appropriately; raw pointer access provably within bounds.
- `fn SocketAddr::new()`: obtains a socket address for use with `getpeername()`/`getsockname()` etc.; return value handled ok (assuming the passed function returns the syscall return value).
- `fn SocketAddr::address()`: casts memory of a wrapped type from `[c_char]` to `[u8]`; array bounds are preserved, thus subsequent accesses return slices with valid bounds.
- `fn UnixStream::connect()`: public API wrapping socket creation and `connect(2)`; arguments obtained from internal APIs deemed safe; return value handled ok.
- `fn UnixStream::local_addr()`: wraps `getsockname(2)`; return value and arguments handled by `SocketAddr::new()`.
- `fn UnixStream::peer_addr()`: wraps `getpeername(2)`; return value and arguments handled by `SocketAddr::new()`.
- `impl Read for UnixStream, fn read()`: wraps `recv(2)`; return value handled ok; argument values obtained from a safe Rust type.
- `impl Write for UnixStream, fn write()`: wraps `send(2)`; return value handled ok; argument values obtained from a safe Rust type.
- `impl FromRawFd for UnixStream, fn from_raw_fd()`: unsafe trait; constructs a `UnixStream` without validating the argument (ownership and validity of the fd are the caller's obligation, as the trait's contract requires).
- ± `fn UnixListener::bind()`: wraps socket creation, `bind(2)` and `listen(2)`; return values handled ok; backlog of the socket queue hard-coded to the default Linux maximum of 128, which is reasonable but deserves mention in the docs.
- `fn UnixListener::accept()`: wrapper for `accept(2)`; return value and argument checks deferred to `SocketAddr::new()`.
- `fn UnixListener::local_addr()`: wrapper for `getsockname(2)`; return value and arguments handled by `SocketAddr::new()`.
- `impl FromRawFd for UnixListener, fn from_raw_fd()`: unsafe trait; constructs a `UnixListener` without validating anything.
- `fn UnixDatagram::bind()`: wraps `bind(2)` for `SOCK_DGRAM` type sockets; return value handled ok; args obtained from safe wrappers.
- `fn UnixDatagram::connect()`: wraps `connect(2)`; return value handled ok; args obtained from safe wrappers.
- `fn UnixDatagram::local_addr()`: wraps `getsockname(2)`; return value and arguments handled by `SocketAddr::new()`.
- `fn UnixDatagram::peer_addr()`: wraps `getpeername(2)`; return value and arguments handled by `SocketAddr::new()`.
- `fn UnixDatagram::recv_from()`: wraps `recvfrom(2)`; return value handled ok; args obtained from safe wrappers.
- `fn UnixDatagram::recv()`: wraps `recv(2)`; args obtained from safe types; return value handled ok.
- `fn UnixDatagram::send_to()`: wraps `sendto(2)`; args obtained from safe types; return value handled ok.
- `fn UnixDatagram::send()`: wraps `send(2)`; args obtained from safe types; return value handled ok.
- `impl FromRawFd for UnixDatagram, fn from_raw_fd()`: unsafe trait; constructs a `UnixDatagram` without validating anything.
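The three checks the items above single out (a UB-free `sun_path` offset, bounds-checked `sockaddr_un` construction, and saturating `timeval` conversion for `set_timeout`) are shown below as an added example. It is not code from the unix_socket crate or from this review: the `SockaddrUn` and `Timeval` structs are hand-declared here with the 64-bit Linux layout (an assumption, so the example builds with std alone; a real wrapper would take them from the `libc` crate), and the offset is computed with `ptr::addr_of!`, which did not exist when the internals thread cited above was written (recent Rust also has `core::mem::offset_of!`).

```rust
use std::io;
use std::mem::{self, MaybeUninit};
use std::os::raw::c_char;
use std::ptr;
use std::time::Duration;

// Layouts assumed to match <sys/un.h> and <sys/time.h> on 64-bit Linux; a real
// wrapper would take these definitions from the libc crate instead.
#[repr(C)]
struct SockaddrUn {
    sun_family: u16,         // sa_family_t
    sun_path: [c_char; 108], // UNIX_PATH_MAX on Linux
}

#[repr(C)]
#[derive(Debug, PartialEq)]
struct Timeval {
    tv_sec: i64,  // time_t on 64-bit Linux
    tv_usec: i64, // suseconds_t on 64-bit Linux
}

const AF_UNIX: u16 = 1;

/// Offset of `sun_path` without reading uninitialised memory or forming a
/// reference to it: `addr_of!` only computes the field's address.
fn sun_path_offset() -> usize {
    let uninit = MaybeUninit::<SockaddrUn>::uninit();
    let base = uninit.as_ptr();
    // SAFETY: the place expression is never dereferenced; only its address is taken.
    let field = unsafe { ptr::addr_of!((*base).sun_path) };
    field as usize - base as usize
}

/// Build the `sockaddr_un` for `path` plus the socklen that bind(2)/connect(2)
/// expect. Paths that would not fit (terminating NUL included) or that contain
/// a NUL byte are rejected before anything is written into the struct.
fn sockaddr_un(path: &[u8]) -> io::Result<(SockaddrUn, u32)> {
    if path.iter().any(|&b| b == 0) {
        return Err(io::Error::new(io::ErrorKind::InvalidInput, "path contains a NUL byte"));
    }
    let mut addr = SockaddrUn { sun_family: AF_UNIX, sun_path: [0; 108] };
    if path.len() >= addr.sun_path.len() {
        return Err(io::Error::new(io::ErrorKind::InvalidInput, "path longer than sun_path"));
    }
    // Every index written here is < path.len() < 108, so the copy is in bounds.
    for (dst, &src) in addr.sun_path.iter_mut().zip(path) {
        *dst = src as c_char;
    }
    // family field + path bytes + terminating NUL, never past the end of the struct.
    let len = sun_path_offset() + path.len() + 1;
    debug_assert!(len <= mem::size_of::<SockaddrUn>());
    Ok((addr, len as u32))
}

/// Convert a timeout for setsockopt(2) with SO_RCVTIMEO/SO_SNDTIMEO. `None`
/// disables the timeout. A zero duration is rejected because the kernel reads
/// an all-zero timeval as "no timeout"; seconds beyond time_t saturate instead
/// of wrapping; sub-microsecond durations round up to 1 us so they stay non-zero.
fn timeval_from_timeout(dur: Option<Duration>) -> io::Result<Timeval> {
    let dur = match dur {
        None => return Ok(Timeval { tv_sec: 0, tv_usec: 0 }),
        Some(d) => d,
    };
    if dur.as_secs() == 0 && dur.subsec_nanos() == 0 {
        return Err(io::Error::new(io::ErrorKind::InvalidInput, "cannot set a 0 duration timeout"));
    }
    let tv_sec = if dur.as_secs() > i64::MAX as u64 { i64::MAX } else { dur.as_secs() as i64 };
    let mut tv = Timeval { tv_sec, tv_usec: (dur.subsec_nanos() / 1000) as i64 };
    if tv.tv_sec == 0 && tv.tv_usec == 0 {
        tv.tv_usec = 1;
    }
    Ok(tv)
}

fn main() -> io::Result<()> {
    let (addr, len) = sockaddr_un(b"/tmp/example.sock")?;
    println!("sun_path offset = {}, family = {}, socklen = {}", sun_path_offset(), addr.sun_family, len);
    println!("{:?}", timeval_from_timeout(Some(Duration::from_millis(1500)))?);
    println!("{:?}", sockaddr_un(&[b'a'; 200]).err());
    Ok(())
}
```

The socklen returned by `sockaddr_un` is what a wrapper would pass as the third argument of `bind(2)`/`connect(2)`; because it is derived from the validated path length rather than from `size_of::<SockaddrUn>()`, the kernel never reads past the terminating NUL, and the `debug_assert!` documents that it can never exceed the struct either.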