Security of binary_to_term ?
Klacke
klacke@REDACTED
Wed Jun 27 14:19:57 CEST 2001
On Wed, Jun 27, 2001 at 01:15:21PM +0200, Pascal Brisset wrote:
> erlang:binary_to_term/1 generally exits with 'badarg' when applied to
> invalid inputs. Is this behaviour guaranteed ? In other words, is it
> safe to decode untrusted data with binary_to_term ?
>
> The purpose is to send data between untrusted nodes with
> term_to_binary and binary_to_term over TCP, rather than with the
> erlang distribution protocol.
>
A number of checks are done trying to validate the data, however
I think there are some pathological cases left where the emulator
dies. Think so anyway.
An aside note: If you get the data over TCP, why should it be
invalid? TCP ensures the data is non-corrupted... or maybe you
are worrying over rogue nodes ???
/klacke
--
Claes Wikstrom -- Caps lock is nowhere and
Alteon WebSystems -- everything is under control
http://www.bluetail.com/~klacke --
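
One way to handle the rogue-node case raised above, as an added example that is not part of the original message or of Erlang/OTP's own code: a wrapper built on the `safe` option of `binary_to_term/2`, which was added to Erlang/OTP after this thread, that also restricts the decoded term to plain data. The module name, function names and the two limits are assumptions.

```erlang
%% Added example: defensive wrapper around binary_to_term for peer-supplied data.
-module(untrusted_term).
-export([decode/1]).

-define(MAX_BYTES, 65536).   % assumed cap on one encoded message
-define(MAX_NODES, 10000).   % assumed cap on elements in a decoded term

%% Returns {ok, Term} or {error, Reason}; badarg never escapes to the caller.
decode(Bin) when not is_binary(Bin) -> {error, not_binary};
decode(Bin) when byte_size(Bin) > ?MAX_BYTES -> {error, too_large};
%% Tag 80 after the version byte 131 marks a zlib-compressed term, which can
%% expand far beyond MAX_BYTES, so it is refused before decoding.
decode(<<131, 80, _/binary>>) -> {error, compressed};
decode(Bin) ->
    %% 'safe' makes decoding fail with badarg instead of creating new atoms
    %% or external fun references from the peer's data.
    try binary_to_term(Bin, [safe]) of
        Term ->
            case check(Term, ?MAX_NODES) of
                N when is_integer(N) -> {ok, Term};
                Error -> Error
            end
    catch
        error:badarg -> {error, badarg}
    end.

%% Walks the decoded term, allowing only plain data and counting elements.
%% Returns the remaining budget, or {error, Reason}.
check(_, N) when N =< 0 -> {error, too_many_elements};
check(T, N) when is_integer(T); is_float(T); is_atom(T); is_binary(T) -> N - 1;
check([], N) -> N - 1;
check([H | T], N) ->
    case check(H, N - 1) of
        M when is_integer(M) -> check(T, M);   % T may be an improper tail
        Error -> Error
    end;
check(T, N) when is_tuple(T) -> check(tuple_to_list(T), N - 1);
check(T, N) when is_map(T) -> check(maps:to_list(T), N - 1);
check(_, _) -> {error, disallowed_type}.   % pid, port, reference, fun, bitstring
```

The size and type checks limit what a peer can make the node build, but the decoder itself still runs on the peer's bytes, so the process calling `decode/1` should be one the application can afford to lose.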
More information about the erlang-questions
mailing list