kotovalexarian-likes-github/ruby--ruby
1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2022-11-09 12:17:21 -05:00
Code Releases Activity

* marshal.c: add security considerations to marshal overview, refer to

Browse source 
overview from Marshal.load documentation [#7759]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@39005 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This commit is contained in:
charliesome 2013-02-01 15:46:10 +00:00
parent 86aa98fed4
commit ba5ff937c3
2 changed files with 22 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
ChangeLog
View file

@ -1,3 +1,8 @@
Fri Feb 2 00:46:00 2013 Charlie Somerville <charlie@charliesomerville.com>
* marshal.c: add security considerations to marshal overview, refer to
overview from Marshal.load documentation [#7759]
Fri Feb 1 23:04:00 2013 Charlie Somerville <charlie@charliesomerville.com>
* array.c (rb_ary_dup): make returned array the same class as the original

21
marshal.c
View file

@ -1895,10 +1895,8 @@ clear_load_arg(struct load_arg *arg)
* to_str. If proc is specified, it will be passed each object as it
* is deserialized.
*
* Never pass untrusted data (including user input) to this method. Doing
* so is highly dangerous and can lead to remote code execution. If you
* need to deserialize untrusted data, use JSON and only rely on simple
* 'primitive' types, such as String, Array, Hash, etc.
* Never pass untrusted data (including user supplied input) to this method.
* Please see the overview for further details.
*/
static VALUE
marshal_load(int argc, VALUE *argv)
@ -1993,6 +1991,21 @@ marshal_load(int argc, VALUE *argv)
* precedence over _dump if both are defined. marshal_dump may result in
* smaller Marshal strings.
*
* == Security considerations
*
* By design, Marshal.load can deserialize almost any class loaded into the
* Ruby process. In many cases this can lead to remote code execution if the
* Marshal data is loaded from an untrusted source.
*
* As a result, Marshal.load is not suitable as a general purpose serialization
* format and you should never unmarshal user supplied input or other untrusted
* data.
*
* If you need to deserialize untrusted data, use JSON or another serialization
* format that is only able to load simple, 'primitive' types such as String,
* Array, Hash, etc. Never allow user input to specify arbitrary types to
* deserialize into.
*
* == marshal_dump and marshal_load
*
* When dumping an object the method marshal_dump will be called.