[erlang-questions] Is binary_to_term() safe for non trusted sources?

Andras Georgy Bekes bekesa@REDACTED
Wed Mar 25 12:39:29 CET 2009


> Is it safe to decode a binary directly into an erlang term from an
> uncontrolled client? My instinct says it's unsafe, but it doesn't say
> so in the docs (maybe because it's obvious). Is there anyway to
> really do harm if what is done with the decoded terms in erlang is
> controlled?

I can mention a possible DoS attack: an evil client can send you terms
containing thousands of new atoms, and fill your atom table, causing a
VM crash.

	Georgy
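As an added example (not code from this thread), here is one way to defend against the atom-table exhaustion Georgy describes: decode untrusted input with the `safe` option of `binary_to_term/2`, which refuses any encoding that would create new atoms, and expose atom-table usage for monitoring. It assumes OTP 20 or later for `erlang:system_info(atom_count)` and `atom_limit`; the hostile input is hand-built in the external term format purely as test data, since `term_to_binary/1` cannot encode atoms that do not already exist.

```erlang
%% untrusted_term.erl - added example, not part of the original thread.
-module(untrusted_term).
-export([decode_untrusted/1, atom_table_usage/0, demo/0]).

%% Decode a binary received from an untrusted peer. With the 'safe'
%% option, binary_to_term/2 raises badarg instead of creating atoms
%% (directly, or indirectly via pids, refs and funs) or new external
%% fun references, so the atom table cannot be grown by client input.
decode_untrusted(Bin) when is_binary(Bin) ->
    try
        {ok, binary_to_term(Bin, [safe])}
    catch
        error:badarg -> {error, unsafe_or_malformed}
    end.

%% Current use of the VM's atom table (OTP 20+). Atoms are never
%% garbage collected, so growth driven by input is a one-way ratchet;
%% alert on the ratio from a health check.
atom_table_usage() ->
    Count = erlang:system_info(atom_count),
    Limit = erlang:system_info(atom_limit),
    {Count, Limit, Count / Limit}.

%% Constructed test input: an external-term-format list of N atoms that
%% do not yet exist in this VM. Tags: 131 = version, 108 = LIST_EXT
%% (32-bit big-endian length), 119 = SMALL_ATOM_UTF8_EXT, 106 = NIL_EXT.
fresh_atom_list(N) ->
    Nonce = integer_to_binary(erlang:unique_integer([positive])),
    Elems = [atom_ext(<<"test_atom_", Nonce/binary, "_",
                        (integer_to_binary(I))/binary>>)
             || I <- lists:seq(1, N)],
    iolist_to_binary([131, 108, <<N:32>>, Elems, 106]).

atom_ext(Name) when byte_size(Name) < 256 ->
    [119, byte_size(Name), Name].

demo() ->
    Hostile = fresh_atom_list(1000),
    %% Safe decoding rejects the input and the atom table is untouched.
    {error, unsafe_or_malformed} = decode_untrusted(Hostile),
    %% A term made only of atoms the VM already knows decodes normally.
    {ok, {hello, world}} = decode_untrusted(term_to_binary({hello, world})),
    atom_table_usage().
```

Compile with `erlc untrusted_term.erl` and run `untrusted_term:demo().` in a shell; the returned tuple is the atom count, the configured limit, and their ratio after the hostile input was rejected.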


