[erlang-questions] Is binary_to_term() safe for non trusted sources?
Andras Georgy Bekes
bekesa@REDACTED
Wed Mar 25 12:39:29 CET 2009
> Is it safe to decode a binary directly into an erlang term from an
> uncontrolled client? My instinct says it's unsafe, but it doesn't say
> so in the docs (maybe because it's obvious). Is there any way to
> really do harm if what is done with the decoded terms in erlang is
> controlled?
I can mention a possible DoS attack: an evil client can send you terms
containing thousands of new atoms, and fill your atom table, causing a
VM crash.
Georgy
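As an added example (not from the thread, and not part of any project the thread discusses): the mitigation current OTP releases offer for the atom-table problem described above is the `safe` option of `binary_to_term/2`, which refuses to create atoms that do not already exist in the VM. The module name, the `decode/1` wrapper and the hand-built hostile payload are assumptions for illustration.

```erlang
%% Added example (not from the thread): decode wire data from an untrusted
%% peer without letting the sender grow the atom table. Assumes a current
%% OTP release that supports the `safe` option of binary_to_term/2.
-module(untrusted_decode).
-export([decode/1, demo/0]).

%% Returns {ok, Term} or {error, unsafe}. With `safe`, any encoded atom that
%% does not already exist in this VM (including atoms hidden inside pids,
%% refs and funs) makes decoding fail with badarg instead of creating it.
decode(Bin) when is_binary(Bin) ->
    try binary_to_term(Bin, [safe]) of
        Term -> {ok, Term}
    catch
        error:badarg -> {error, unsafe}
    end.

demo() ->
    %% A term built from atoms the VM already knows round-trips fine.
    {ok, {hello, 1}} = decode(term_to_binary({hello, 1})),
    %% Constructed hostile payload: external term format version tag 131,
    %% ATOM_EXT tag 100, 16-bit length, then the atom name. It is assembled
    %% byte by byte so the atom is not created on our side while testing.
    Name = <<"never_seen_before_atom_xyz">>,
    Hostile = <<131, 100, (byte_size(Name)):16, Name/binary>>,
    {error, unsafe} = decode(Hostile),
    %% Plain binary_to_term/1 would have accepted the same bytes and added
    %% the atom to the table, which is exactly the resource the sender
    %% can exhaust with thousands of distinct names.
    ok.
```

Atoms are never garbage collected, so a decoder that accepts arbitrary atoms from the network is a one-way leak; the `safe` option turns that into a rejected message you can log and count.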