Browse thread
[Caml-list] Does Marshal handle malicious data?
-
Charles Martin
- Brian Rogoff
- Xavier Leroy
[
Home
]
[ Index:
by date
|
by threads
]
[ Message by date: previous | next ] [ Message in thread: previous | next ] [ Thread: previous | next ]
[ Message by date: previous | next ] [ Message in thread: previous | next ] [ Thread: previous | next ]
| Date: | -- (:) |
| From: | Brian Rogoff <bpr@b...> |
| Subject: | Re: [Caml-list] Does Marshal handle malicious data? |
On Tue, 5 Mar 2002, Charles Martin wrote: > Will the standard Marshal library correctly generate an exception for > malicious data? Or is it possible that it will cause a core dump, read > past end of string, etc? You can get a core dump from improper use of marshalling without "malicious" use. I've had it happen by simply changing a data format and using the wrong version of the program read it back in. You can increase the safety by various tricks in your reader, but I don't think there are any simple idiot proof solutions. I'm a pretty clever idiot. -- Brian ------------------- To unsubscribe, mail caml-list-request@inria.fr Archives: http://caml.inria.fr Bug reports: http://caml.inria.fr/bin/caml-bugs FAQ: http://caml.inria.fr/FAQ/ Beginner's list: http://groups.yahoo.com/group/ocaml_beginners