Don't ignore Errors whose ErrorKind is not DirectoryNotEmpty in util::delete_file #1353

New Issue

MrUnknownDE · 2026-04-06T01:50:04+02:00

MrUnknownDE commented

2026-04-06 01:50:04 +02:00

Originally created by @zacknewman on 11/17/2023

One could argue this is a bug; but if not, then move to a discussion. Currently util::delete_file ignores all errors from std::fs::remove_dir; however as the comment states, only Errors whose ErrorKind is ErrorKind::DirectoryNotEmpty should be ignored.

Fixes:

Use nightly and enable the io_error_more feature, then explicitly check the returned ErrorKind and only ignore when it is DirectoryNotEmpty.
Depending on the choice of an optimistic vs. pessimistic strategy, either first check the directory is empty before calling or check that it is not empty after calling and erroring (e.g., if fs::read_dir(path)?.next().is_none() { fs::remove_dir(path) } else { Ok(()) }).

Obviously only the nightly strategy avoids a TOCTOU race condition/attack, but I understand wanting to remain on stable.

*Originally created by @zacknewman on 11/17/2023* One could argue this is a bug; but if not, then move to a discussion. Currently [`util::delete_file`](https://github.com/dani-garcia/vaultwarden/blob/main/src/util.rs#L365) ignores _all_ errors from `std::fs::remove_dir`; however as the comment states, only `Error`s whose `ErrorKind` is `ErrorKind::DirectoryNotEmpty` should be ignored. Fixes: * Use `nightly` and enable the `io_error_more` `feature`, then explicitly check the returned `ErrorKind` and only ignore when it is `DirectoryNotEmpty`. * Depending on the choice of an optimistic vs. pessimistic strategy, either first check the directory is empty before calling or check that it is not empty after calling and erroring (e.g., `if fs::read_dir(path)?.next().is_none() { fs::remove_dir(path) } else { Ok(()) }`). Obviously only the `nightly` strategy avoids a TOCTOU race condition/attack, but I understand wanting to remain on `stable`.

MrUnknownDE closed this issue

2026-04-06 01:50:04 +02:00

MrUnknownDE added the enhancement enhancement enhancement enhancement enhancement enhancement enhancement enhancement enhancement enhancement enhancement enhancement enhancement enhancement enhancement enhancement enhancement enhancement enhancement enhancement enhancement enhancement enhancement enhancement labels 2026-04-06 01:50:07 +02:00

Sign in to join this conversation.

No Label enhancement enhancement enhancement enhancement enhancement enhancement enhancement enhancement enhancement enhancement enhancement enhancement enhancement enhancement enhancement enhancement enhancement enhancement enhancement enhancement enhancement enhancement enhancement enhancement

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github/vaultwarden#1353