Security of binary_to_term ?
Wed Jul 4 14:06:02 CEST 2001
In article <15161.49225.526286.218186@REDACTED>,
Pascal Brisset <pascal.brisset@REDACTED> wrote:
>erlang:binary_to_term/1 generally exits with 'badarg' when applied to
>invalid inputs. Is this behaviour guaranteed? In other words, is it
>safe to decode untrusted data with binary_to_term?
>The purpose is to send data between untrusted nodes with
>term_to_binary and binary_to_term over TCP, rather than with the
>erlang distribution protocol.
Note that 'binary_to_term' silently accepts garbage lying after the
This has been the case since R6B, and is the intended behaviour.
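
A strict decoder for the TCP use case asked about above, as an added example that is not part of the original thread. It relies on the `safe` and `used` options of `binary_to_term/2`, which come from later Erlang/OTP releases than the R6B mentioned here; the module name, the `MAX_BYTES` limit and the sample terms are assumptions made for illustration.

```erlang
%% Added example, not code from the original thread.
-module(strict_decode).
-export([decode/1, demo/0]).

%% Hypothetical upper bound on one received frame; tune per protocol.
-define(MAX_BYTES, 65536).

%% Decode exactly one external-term-format binary from an untrusted peer.
%% Returns {ok, Term} or {error, Reason}; badarg never escapes to the caller.
-spec decode(term()) ->
    {ok, term()} |
    {error, invalid | too_large | {trailing_bytes, pos_integer()}}.
decode(Bin) when is_binary(Bin), byte_size(Bin) > ?MAX_BYTES ->
    {error, too_large};
decode(Bin) when is_binary(Bin) ->
    %% safe: refuse input that would create new atoms or new external
    %%       function references.
    %% used: return {Term, Used}, where Used is the number of bytes the
    %%       decoder actually consumed.
    try erlang:binary_to_term(Bin, [safe, used]) of
        {Term, Used} when Used =:= byte_size(Bin) ->
            {ok, Term};
        {_Term, Used} ->
            %% A valid term was followed by extra bytes: reject the frame
            %% instead of silently ignoring them.
            {error, {trailing_bytes, byte_size(Bin) - Used}}
    catch
        error:badarg ->
            {error, invalid}
    end;
decode(_NotBinary) ->
    {error, invalid}.

%% Constructed sample inputs: a well-formed term, the same term with
%% extra bytes appended, a truncated copy, and arbitrary bytes.
demo() ->
    Good = term_to_binary({msg, 1, <<"hello">>}),
    Padded = <<Good/binary, "junk">>,
    Truncated = binary:part(Good, 0, byte_size(Good) - 1),
    [{good, decode(Good)},
     {padded, decode(Padded)},
     {truncated, decode(Truncated)},
     {random, decode(<<1, 2, 3>>)}].
```

The `safe` option does not limit how much memory a decoded term occupies, so the size check on the incoming frame is still needed.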