Version française
Home     About     Download     Resources     Contact us    
Browse thread
[Caml-list] Does Marshal handle malicious data?
[ Home ] [ Index: by date | by threads ]
[ Search: ]

[ Message by date: previous | next ] [ Message in thread: previous | next ] [ Thread: previous | next ]
Date: -- (:)
From: Brian Rogoff <bpr@b...>
Subject: Re: [Caml-list] Does Marshal handle malicious data?
On Tue, 5 Mar 2002, Charles Martin wrote:
> Will the standard Marshal library correctly generate an exception for
> malicious data?  Or is it possible that it will cause a core dump, read
> past end of string, etc?

You can get a core dump from improper use of marshalling without
"malicious" use. I've had it happen by simply changing a data format and
using the wrong version of the program read it back in.

You can increase the safety by various tricks in your reader, but I don't
think there are any simple idiot proof solutions. I'm a pretty clever
idiot.

-- Brian
-------------------
To unsubscribe, mail caml-list-request@inria.fr Archives: http://caml.inria.fr
Bug reports: http://caml.inria.fr/bin/caml-bugs FAQ: http://caml.inria.fr/FAQ/
Beginner's list: http://groups.yahoo.com/group/ocaml_beginners