binary_to_term, now with options!
Jayson Vantuyl
kagato@REDACTED
Mon Jan 4 16:06:16 CET 2010
git fetch git://github.com/jvantuyl/otp.git binary_to_term_opts
From e9be98f7d80b488bebd8dd5b30ef03ef7574f186 Mon Sep 17 00:00:00 2001
From: Jayson Vantuyl <jvantuyl@REDACTED>
Date: Mon, 4 Jan 2010 06:53:47 -0800
Subject: [PATCH] add options to binary_to_term

binary_to_term is a powerful tool for easily shuttling data over
the network. It is not suitable for use with untrusted data, as it
happily leaks atoms and transfers data types that can carry
arbitrary data into your code (funs, pids, refs).

After a short discussion on the list, consensus appears to be that
binary_to_term needed options. This patch implements the second
form of binary_to_term that takes options, and a simple option
called 'safe'. If specified, this option will refuse to decode
any dangerous data types and will not leak atoms.
---
erts/doc/src/erlang.xml | 19 +++++
erts/emulator/beam/atom.names | 1 +
erts/emulator/beam/bif.tab | 5 ++
erts/emulator/beam/external.c | 128 ++++++++++++++++++++++++++++++-----
erts/emulator/beam/external.h | 3 +
erts/emulator/test/binary_SUITE.erl | 13 +++-
lib/stdlib/src/erl_internal.erl | 2 +-
7 files changed, 152 insertions(+), 19 deletions(-)
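
The atom-leak behaviour described in the commit message, as an added example that is not part of the patch or of the original message. It is written against `binary_to_term/2` with the `safe` option as shipped in released Erlang/OTP, where a rejected decode raises `badarg`; the module name, function names and input binaries are constructed for illustration.

```erlang
-module(safe_decode_demo).
-export([decode_untrusted/1, atom_ext/1, demo/0]).

%% Hand-build an external-term-format binary for an atom:
%% version byte 131, ATOM_EXT tag 100, 16-bit length, then the name.
%% Building it this way means the atom is never created on this node
%% while the test input is being prepared.
atom_ext(Name) when is_list(Name) ->
    Bin = list_to_binary(Name),
    <<131, 100, (byte_size(Bin)):16, Bin/binary>>.

%% Decode data from an untrusted peer. With [safe], input that would
%% create a new atom is refused with badarg instead of being decoded.
decode_untrusted(Bin) when is_binary(Bin) ->
    try binary_to_term(Bin, [safe]) of
        Term -> {ok, Term}
    catch
        error:badarg -> {error, rejected}
    end.

demo() ->
    %% Ordinary data made of existing atoms, integers and binaries passes.
    Known = term_to_binary({ok, [1, 2, 3], <<"payload">>}),
    {ok, {ok, [1, 2, 3], <<"payload">>}} = decode_untrusted(Known),

    %% Constructed atom name that does not exist on this node yet.
    Name = "constructed_atom_" ++
           integer_to_list(erlang:unique_integer([positive])),
    Unknown = atom_ext(Name),

    %% The safe decode refuses it ...
    {error, rejected} = decode_untrusted(Unknown),
    %% ... and the atom table did not grow as a side effect.
    {'EXIT', {badarg, _}} = (catch list_to_existing_atom(Name)),

    %% For contrast, binary_to_term/1 creates the atom permanently.
    %% Atoms are never garbage collected, so a peer that can send many
    %% distinct names this way can fill the atom table.
    Atom = binary_to_term(Unknown),
    Atom = list_to_existing_atom(Name),
    ok.
```

Calling `safe_decode_demo:demo()` in a shell returns `ok` when every pattern match above holds.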