Safe marshall?
Date: 2005-02-17 (23:14)
From: Eric Stokes <eric.stokes@c...>
Subject: Re: [Caml-list] Safe marshall?

I have to agree with Gerd: if at all possible, use a protocol compiler such as XDR or ASN.1. Even signing might not be secure if your attacker can get ahold of the keys you are using. I can attest to the robustness of Gerd's XDR implementation; I have used it in several projects.

On Feb 17, 2005, at 1:39 AM, Gerd Stolpmann wrote:

> Mike Hamburg said:
>> Is there any way to call Marshal in a type-safe way? I need to use
>> marshaling for a networking program, and I'd rather not leave Marshal
>> as an arbitrary code execution vulnerability (which it is as far as I
>> can tell: switching on a Marshaled value should produce a computed
>> jump, which can be set by an attacker to point to an arbitrary place).
>> Am I stuck writing my own marshal function?
>
> Marshal is not type-safe, no chance. I see three options for you:
>
> - If it is a closed protocol, you can sign the marshaled values
>
> - You can use other serializers. A quite simple and fast serializer is
>   the XDR encoder in my SunRPC implementation (see
>   http://ocaml-programming.de/programming/rpc.html). Other options
>   I know are BER (see ocamldap), XML-RPC, SOAP, and Ensemble.
>
> - Write the serializer yourself. Maybe this is an option for you
>   if you need maximum performance.
>
> Gerd
> ------------------------------------------------------------
> Gerd Stolpmann * Viktoriastr. 45 * 64293 Darmstadt * Germany
> gerd@gerd-stolpmann.de          http://www.gerd-stolpmann.de
> ------------------------------------------------------------
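
The third option in the quoted reply (writing the serializer yourself), sketched as an added example that is not part of the original messages and is not Gerd's XDR implementation: a decoder that validates every tag and length before building a value, so hostile bytes produce an exception instead of a forged heap value. The `msg` type, `max_len`, and the XDR-style layout (big-endian 32-bit words, strings padded to 4 bytes) are assumptions, as is a 64-bit OCaml `int`.

```ocaml
(* Added example: hypothetical message type and XDR-style wire format. *)
type msg = Ping of int | Say of string

exception Malformed of string

let max_len = 4096 (* assumed cap on string payloads *)

(* Write the low 32 bits of [n], big-endian, as XDR does. *)
let put_u32 b n =
  for i = 3 downto 0 do
    Buffer.add_char b (Char.chr ((n lsr (8 * i)) land 0xff))
  done

let encode m =
  let b = Buffer.create 16 in
  (match m with
   | Ping n -> put_u32 b 0; put_u32 b n
   | Say s ->
     let len = String.length s in
     put_u32 b 1; put_u32 b len;
     Buffer.add_string b s;
     (* XDR pads variable-length data to a multiple of 4 bytes *)
     Buffer.add_string b (String.make ((4 - len mod 4) mod 4) '\000'));
  Buffer.contents b

(* Read a u32 at [pos], refusing to read past the end of the input. *)
let get_u32 s pos =
  if pos < 0 || pos + 4 > String.length s then raise (Malformed "truncated");
  let byte i = Char.code s.[pos + i] in
  (byte 0 lsl 24) lor (byte 1 lsl 16) lor (byte 2 lsl 8) lor byte 3

(* Every tag and length is checked before any value is constructed. *)
let decode s =
  match get_u32 s 0 with
  | 0 ->
    if String.length s <> 8 then raise (Malformed "bad length");
    Ping (get_u32 s 4)
  | 1 ->
    let len = get_u32 s 4 in
    if len > max_len then raise (Malformed "string too long");
    let padded = len + (4 - len mod 4) mod 4 in
    if String.length s <> 8 + padded then raise (Malformed "bad length");
    Say (String.sub s 8 len)
  | _ -> raise (Malformed "unknown tag")

let () =
  assert (decode (encode (Say "hello")) = Say "hello");
  assert (decode (encode (Ping 42)) = Ping 42);
  (* constructed hostile inputs: unknown tag; declared length beyond the data *)
  List.iter (fun bad ->
      match decode bad with _ -> assert false | exception Malformed _ -> ())
    [ "\000\000\000\007"; "\000\000\000\001\255\255\255\255abc" ]
```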