From d976180a1b00dbf6b03fc00ea54a017041ca591e Mon Sep 17 00:00:00 2001
From: SoniEx2
Date: Sun, 13 Jun 2021 09:19:23 -0300
Subject: Fix potential unsound with malicious input
---
 Cargo.toml | 2 +-
 src/lib.rs | 7 ++++---
 2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/Cargo.toml b/Cargo.toml
index 996f8b2..6291df5 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "testserver"
-version = "0.1.1"
+version = "0.1.2"
 description = "Static HTTP webserver that stores resources as strings"
 readme = "README.md"
 authors = ["SoniEx2 "]
diff --git a/src/lib.rs b/src/lib.rs
index af2f994..b40abad 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -14,12 +14,14 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program. If not, see .
+#![forbid(unsafe_code)]
+
 //! Webserver helper for writing tests.
 use std::convert::TryInto;
 use std::io::Cursor;
 use std::num::NonZeroU16;
-use std::str::from_utf8_unchecked;
+use std::str::from_utf8;
 use std::sync::Arc;
 use ar::Archive;
@@ -123,8 +125,7 @@ pub fn serve(archive: &'static str) -> Server {
 current.as_mut().unwrap().next_entry()
 {
 let name = entry.header().identifier();
- // SAFETY: the input "file" is an &str already.
- let name = unsafe { from_utf8_unchecked(name) };
+ let name = from_utf8(name).unwrap();
 size = entry.header().size() as usize;
 if let Some(suffix) = name.strip_prefix(&part) {
 // the suffix here isn't 'static, but we need
-- cgit 1.4.1
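Review bot: `from_utf8(name).unwrap()` in the entry loop of `serve` trades the undefined behaviour for a bare panic, and nothing at the call site says why the check can fail. The removed SAFETY comment assumed that an `&str` archive implies UTF-8 entry names, but `identifier()` hands back a byte slice taken from the entry header, so presumably a name can end in the middle of a multi-byte character; a one-line comment stating that, together with `let name = from_utf8(name).expect("archive entry name is not valid UTF-8");`, would make the failure diagnosable. If `serve` is ever given archives that are not fixed at build time, skipping or reporting the bad entry would be preferable to aborting the caller. The loop header and the rest of `serve` lie outside the hunk.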