Security of binary_to_term ?

Klacke <>
Wed Jun 27 14:19:57 CEST 2001


On Wed, Jun 27, 2001 at 01:15:21PM +0200, Pascal Brisset wrote:
> erlang:binary_to_term/1 generally exits with 'badarg' when applied to
> invalid inputs. Is this behaviour guaranteed ? In other words, is it
> safe to decode untrusted data with binary_to_term ?
> 
> The purpose is to send data between untrusted nodes with
> term_to_binary and binary_to_term over TCP, rather than with the
> erlang distribution protocol.
> 


A number of checks are done trying to validate the data, however
I think there are some pathological cases left where the emulator
dies. Think so anyway.

An aside note: If you get the data over TCP, why should it be
invalid. TCP ensures the data is non corrupted.... or maybe you
are worrying over rouge nodes ??? 

/klacke

-- 
Claes Wikstrom                        -- Caps lock is nowhere and
Alteon WebSystems                     -- everything is under control          
http://www.bluetail.com/~klacke       --




More information about the erlang-questions mailing list