Rollup merge of #72888 - poliorcetics:improve-read_line-read_until-doc, r=Dylan-DPC

Dylan-DPC · web-flow · commit 9763e0c089c1 · 2020-06-02T18:29:59.000+02:00
Add a warning about infinite reading in read_(until|line) Fix for #48788. This PR adds a warning to [`BufRead::read_line`](https://doc.rust-lang.org/stable/std/io/trait.BufRead.html#method.read_line) and [`BufRead::read_until`](https://doc.rust-lang.org/stable/std/io/trait.BufRead.html#method.read_until) about the possibility of an attack using the behaviour of these functions. I did not mention a possible fix (using [`Read::take`](https://doc.rust-lang.org/stable/std/io/trait.Read.html#method.take), should I ?
diff --git a/src/libstd/io/mod.rs b/src/libstd/io/mod.rs
@@ -1883,6 +1883,10 @@ pub trait BufRead: Read {
     ///
     /// If successful, this function will return the total number of bytes read.
     ///
+    /// This function is blocking and should be used carefully: it is possible for
+    /// an attacker to continuously send bytes without ever sending the delimiter
+    /// or EOF.
+    ///
     /// # Errors
     ///
     /// This function will ignore all instances of [`ErrorKind::Interrupted`] and
@@ -1945,6 +1949,10 @@ pub trait BufRead: Read {
     ///
     /// If this function returns `Ok(0)`, the stream has reached EOF.
     ///
+    /// This function is blocking and should be used carefully: it is possible for
+    /// an attacker to continuously send bytes without ever sending a newline
+    /// or EOF.
+    ///
     /// # Errors
     ///
     /// This function has the same error semantics as [`read_until`] and will
