Overview

File 0220-More-security-recommendations-in-binary_to_term-2.patch of Package erlang

From 4998ac9da6a7373856fbf98efab0f10a6a7e2525 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Valim?= <jose.valim@dashbit.co>
Date: Tue, 19 Jan 2021 13:07:17 +0100
Subject: [PATCH] More security recommendations in binary_to_term/2

---
 erts/doc/src/erlang.xml | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/erts/doc/src/erlang.xml b/erts/doc/src/erlang.xml
index 97f6f7e83d..7a200a969e 100644
--- a/erts/doc/src/erlang.xml
+++ b/erts/doc/src/erlang.xml
@@ -614,8 +614,11 @@ hello
 </pre>
         <warning>
           <p>When decoding binaries from untrusted sources,
-            consider using <c>binary_to_term/2</c> to prevent Denial
-            of Service attacks.</p>
+            the untrusted source may submit data in a way to
+            create resources, such as atoms and remote references,
+            that cannot be garbage collected and lead to Denial
+            of Service attack. In such cases, consider using
+            <c>binary_to_term/2</c> with the <c>safe</c> option.</p>
         </warning>
         <p>See also
           <seemfa marker="#term_to_binary/1"><c>term_to_binary/1</c></seemfa>
@@ -635,7 +638,7 @@ hello
             <p>Use this option when receiving binaries from an untrusted
               source.</p>
             <p>When enabled, it prevents decoding data that can be used to
-              attack the Erlang system. In the event of receiving unsafe
+              attack the Erlang runtime. In the event of receiving unsafe
               data, decoding fails with a <c>badarg</c> error.</p>
             <p>This prevents creation of new atoms directly,
               creation of new atoms indirectly (as they are embedded in
@@ -652,6 +655,15 @@ hello
 > <input>binary_to_term(&lt;&lt;131,100,0,5,"hello">>, [safe]).</input>
 hello
 </pre>
+	    <warning>
+	      <p>The <c>safe</c> option ensures the data is safely
+                processed by the Erlang runtime but it does not
+                guarantee the data is safe to your application.
+                You must always validate data from untrusted sources.
+                If the binary is stored or transits through untrusted
+                sources, you should also consider cryptographically
+                signing it.</p>
+            </warning>	
           </item>
           <tag><c>used</c></tag>
           <item>
-- 
2.26.2
openSUSE Build Service is sponsored by
Places