Version française
Home     About     Download     Resources     Contact us    
Browse thread
[Caml-list] Does Marshal handle malicious data?
[ Home ] [ Index: by date | by threads ]
[ Search: ]

[ Message by date: previous | next ] [ Message in thread: previous | next ] [ Thread: previous | next ]
Date: -- (:)
From: Xavier Leroy <xavier.leroy@i...>
Subject: Re: [Caml-list] Does Marshal handle malicious data?
> Will the standard Marshal library correctly generate an exception
> for malicious data?  Or is it possible that it will cause a core
> dump, read past end of string, etc?

No, unmarshaling is not hardened against bad data (except checking the
initial magic number).  So, corrupted data can cause all the bad
things that you mentioned (core dump, etc).

Gracefully recovering from bad data could be implemented, but at
significant run-time cost.  An alternative is to use message
authentication codes and the like to guarantee the integrity of the
data.

- Xavier Leroy
-------------------
To unsubscribe, mail caml-list-request@inria.fr Archives: http://caml.inria.fr
Bug reports: http://caml.inria.fr/bin/caml-bugs FAQ: http://caml.inria.fr/FAQ/
Beginner's list: http://groups.yahoo.com/group/ocaml_beginners