[Caml-list] Does Marshal handle malicious data?
| Date: | -- (:) |
| From: | Xavier Leroy <xavier.leroy@i...> |
| Subject: | Re: [Caml-list] Does Marshal handle malicious data? |
> Will the standard Marshal library correctly generate an exception
> for malicious data? Or is it possible that it will cause a core
> dump, read past end of string, etc?

No, unmarshaling is not hardened against bad data (except checking the
initial magic number). So, corrupted data can cause all the bad things
that you mentioned (core dump, etc).

Gracefully recovering from bad data could be implemented, but at
significant run-time cost. An alternative is to use message
authentication codes and the like to guarantee the integrity of the data.

- Xavier Leroy
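Added example, not part of the original message or of the OCaml distribution: one way to apply the message-authentication-code alternative mentioned in the reply, checking an HMAC-SHA256 tag before any bytes reach `Marshal.from_string`. It assumes the third-party `cryptokit` library; `seal`, `unseal`, `equal_ct` and the demo key are hypothetical names and values chosen for illustration.

```ocaml
(* Added example. Assumes the third-party cryptokit library. *)
let tag_len = 32  (* HMAC-SHA256 output size in bytes *)

(* A fresh hash object per call: cryptokit hash objects are single-use. *)
let mac key data =
  Cryptokit.hash_string (Cryptokit.MAC.hmac_sha256 key) data

(* Compare two tags without stopping at the first differing byte. *)
let equal_ct a b =
  String.length a = String.length b &&
  begin
    let diff = ref 0 in
    String.iteri
      (fun i c -> diff := !diff lor (Char.code c lxor Char.code b.[i])) a;
    !diff = 0
  end

(* Wire format (an assumption of this example): 32-byte tag, then payload. *)
let seal key v =
  let payload = Marshal.to_string v [] in
  mac key payload ^ payload

(* Returns None unless the tag verifies; Marshal never sees unverified bytes.
   The MAC only proves the bytes came from a key holder: the caller must
   still request the same type that was sealed. *)
let unseal key msg =
  if String.length msg < tag_len then None
  else
    let tag = String.sub msg 0 tag_len in
    let payload = String.sub msg tag_len (String.length msg - tag_len) in
    if equal_ct tag (mac key payload)
    then Some (Marshal.from_string payload 0)
    else None

let () =
  let key = "constructed-demo-key-not-for-production" in
  let msg = seal key [1; 2; 3] in
  assert ((unseal key msg : int list option) = Some [1; 2; 3]);
  (* Flip one bit of the payload: verification fails, nothing is unmarshaled. *)
  let t = Bytes.of_string msg in
  let last = Bytes.length t - 1 in
  Bytes.set t last (Char.chr (Char.code (Bytes.get t last) lxor 1));
  assert ((unseal key (Bytes.to_string t) : int list option) = None);
  (* Truncated input shorter than a tag is rejected before any parsing. *)
  assert ((unseal key "short" : int list option) = None)
```

It can be built with `ocamlfind ocamlopt -package cryptokit -linkpkg`, followed by the source file name.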