From cd1f047575baf3590f4ae6625eb45f535ceec955 Mon Sep 17 00:00:00 2001
From: Jamil <jamilbk@users.noreply.github.com>
Date: Tue, 30 Jan 2024 17:49:51 -0800
Subject: [PATCH] fix(connlib): handle null-termination of TUN device path
 string correctly (#3449)

Credit to @Intuinewin from #3445

---------

Signed-off-by: Thomas Eizinger <thomas@eizinger.io>
Co-authored-by: Thomas Eizinger <thomas@eizinger.io>
---
 rust/connlib/tunnel/src/device_channel/tun_linux.rs | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/rust/connlib/tunnel/src/device_channel/tun_linux.rs b/rust/connlib/tunnel/src/device_channel/tun_linux.rs
index 4323059af..d119c2e9d 100644
--- a/rust/connlib/tunnel/src/device_channel/tun_linux.rs
+++ b/rust/connlib/tunnel/src/device_channel/tun_linux.rs
@@ -15,6 +15,7 @@ use std::net::IpAddr;
 use std::path::Path;
 use std::task::{Context, Poll};
 use std::{
+    ffi::CStr,
     fmt, fs, io,
     os::{
         fd::{AsRawFd, RawFd},
@@ -29,13 +30,15 @@ pub(crate) const SIOCGIFMTU: libc::c_ulong = libc::SIOCGIFMTU;
 
 const IFACE_NAME: &str = "tun-firezone";
 const TUNSETIFF: libc::c_ulong = 0x4004_54ca;
-const TUN_FILE: &[u8] = b"/dev/net/tun\0";
 const TUN_DEV_MAJOR: u32 = 10;
 const TUN_DEV_MINOR: u32 = 200;
 const RT_PROT_STATIC: u8 = 4;
 const DEFAULT_MTU: u32 = 1280;
 const FILE_ALREADY_EXISTS: i32 = -17;
 
+// Safety: We know that this is a valid C string.
+const TUN_FILE: &CStr = unsafe { CStr::from_bytes_with_nul_unchecked(b"/dev/net/tun\0") };
+
 pub struct Tun {
     handle: Handle,
     connection: tokio::task::JoinHandle<()>,
@@ -242,7 +245,7 @@ fn set_non_blocking(fd: RawFd) -> Result<()> {
 }
 
 fn create_tun_device() -> Result<()> {
-    let path = Path::new(std::str::from_utf8(TUN_FILE).unwrap());
+    let path = Path::new(TUN_FILE.to_str().expect("path is valid utf-8"));
 
     if path.exists() {
         return Ok(());