Security of binary_to_term ?
Wed Jun 27 14:19:57 CEST 2001
On Wed, Jun 27, 2001 at 01:15:21PM +0200, Pascal Brisset wrote:
> erlang:binary_to_term/1 generally exits with 'badarg' when applied to
> invalid inputs. Is this behaviour guaranteed ? In other words, is it
> safe to decode untrusted data with binary_to_term ?
> The purpose is to send data between untrusted nodes with
> term_to_binary and binary_to_term over TCP, rather than with the
> erlang distribution protocol.
A number of checks are done trying to validate the data, however
I think there are some pathological cases left where the emulator
dies. Think so anyway.
An aside note: If you get the data over TCP, why should it be
invalid? TCP ensures the data is non-corrupted.... or maybe you
are worrying over rogue nodes ???
Claes Wikstrom -- Caps lock is nowhere and
Alteon WebSystems -- everything is under control
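
The decoding question raised in this thread, as an added example that is not part of the original messages: a defensive wrapper for terms received from an untrusted peer. It uses binary_to_term/2 with the safe option from current Erlang/OTP (not mentioned in the thread); the module name, the size cap and the accepted message shapes are assumptions made for illustration.

```erlang
-module(safe_decode).
-export([decode/1, demo/0]).

-define(MAX_BYTES, 65536).   % assumed per-message cap; tune to the protocol

%% Decode one message received from an untrusted peer.
%% Returns {ok, Term} or {error, Reason} instead of exiting on bad input.
decode(Bin) when is_binary(Bin), byte_size(Bin) > ?MAX_BYTES ->
    {error, too_large};
%% 131 is the external term format version byte; 80 marks a zlib-compressed
%% payload, refused here because its inflated size is chosen by the sender.
decode(<<131, 80, _/binary>>) ->
    {error, compressed_not_allowed};
decode(Bin) when is_binary(Bin) ->
    %% [safe] makes decoding fail with badarg rather than create new atoms.
    try binary_to_term(Bin, [safe]) of
        Term -> validate(Term)
    catch
        error:badarg -> {error, badarg}
    end;
decode(_) ->
    {error, not_binary}.

%% Accept only the shapes this (hypothetical) protocol defines.
validate({ping, N}) when is_integer(N), N >= 0 ->
    {ok, {ping, N}};
validate({msg, Text}) when is_binary(Text) ->
    {ok, {msg, Text}};
validate(_) ->
    {error, unexpected_shape}.

%% Constructed sample inputs: a valid message, a well-formed term of the
%% wrong shape, an invalid tag byte, an atom that does not exist on this
%% node, and a compressed term.
demo() ->
    {ok, {ping, 1}} = decode(term_to_binary({ping, 1})),
    {error, unexpected_shape} = decode(term_to_binary({other, 1})),
    {error, badarg} = decode(<<131, 255>>),
    {error, badarg} = decode(<<131, 100, 17:16, "no_such_atom_7f3a">>),
    Compressed = term_to_binary(lists:duplicate(1000, 0), [compressed]),
    {error, compressed_not_allowed} = decode(Compressed),
    ok.
```

The wrapper turns the badarg exit into an error tuple but cannot contain an emulator crash of the kind the reply mentions, so the node doing the decoding should still be treated as exposed to its peers.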