File 0220-More-security-recommendations-in-binary_to_term-2.patch of Package erlang
From 4998ac9da6a7373856fbf98efab0f10a6a7e2525 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Valim?= <jose.valim@dashbit.co>
Date: Tue, 19 Jan 2021 13:07:17 +0100
Subject: [PATCH] More security recommendations in binary_to_term/2
---
erts/doc/src/erlang.xml | 18 +++++++++++++++---
1 file changed, 15 insertions(+), 3 deletions(-)
diff --git a/erts/doc/src/erlang.xml b/erts/doc/src/erlang.xml
index 97f6f7e83d..7a200a969e 100644
--- a/erts/doc/src/erlang.xml
+++ b/erts/doc/src/erlang.xml
@@ -614,8 +614,11 @@ hello
</pre>
<warning>
<p>When decoding binaries from untrusted sources,
- consider using <c>binary_to_term/2</c> to prevent Denial
- of Service attacks.</p>
+ the untrusted source may submit data in a way to
+ create resources, such as atoms and remote references,
+ that cannot be garbage collected and lead to Denial
+ of Service attack. In such cases, consider using
+ <c>binary_to_term/2</c> with the <c>safe</c> option.</p>
</warning>
<p>See also
<seemfa marker="#term_to_binary/1"><c>term_to_binary/1</c></seemfa>
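Review bot: the new warning text has two grammar issues in the `+` lines: "submit data in a way to create resources" should read "submit data in a way that creates resources", and "lead to Denial of Service attack" needs an article and agreement, e.g. "and leads to a Denial of Service attack". Since the surrounding context already uses `<seemfa>` for cross-references (see the `term_to_binary/1` line just below the hunk), the bare `<c>binary_to_term/2</c>` in the last added line could become a `<seemfa marker="#binary_to_term/2">` link so readers land directly on the description of the `safe` option.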
@@ -635,7 +638,7 @@ hello
<p>Use this option when receiving binaries from an untrusted
source.</p>
<p>When enabled, it prevents decoding data that can be used to
- attack the Erlang system. In the event of receiving unsafe
+ attack the Erlang runtime. In the event of receiving unsafe
data, decoding fails with a <c>badarg</c> error.</p>
<p>This prevents creation of new atoms directly,
creation of new atoms indirectly (as they are embedded in
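Review bot: the wording change from "Erlang system" to "Erlang runtime" is consistent with the phrase "Erlang runtime" used in the new `<warning>` added in the third hunk, so the two pieces of text agree; no further change needed here beyond checking that the rest of this section does not still say "Erlang system" elsewhere.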
@@ -652,6 +655,15 @@ hello
> <input>binary_to_term(<<131,100,0,5,"hello">>, [safe]).</input>
hello
</pre>
+ <warning>
+ <p>The <c>safe</c> option ensures the data is safely
+ processed by the Erlang runtime but it does not
+ guarantee the data is safe to your application.
+ You must always validate data from untrusted sources.
+ If the binary is stored or transits through untrusted
+ sources, you should also consider cryptographically
+ signing it.</p>
+ </warning>
</item>
<tag><c>used</c></tag>
<item>
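Review bot: in the added `<warning>`, "safe to your application" should be "safe for your application", and "transits through untrusted sources" reads awkwardly; suggest "passes through untrusted parties or channels". The sentence "You must always validate data from untrusted sources." is the key point and would be clearer if it stated what `safe` does and does not cover, tying back to the `badarg` behaviour described in the previous hunk, e.g. "the safe option only prevents the runtime-level resource exhaustion described above; the decoded term itself must still be validated by your application". For the signing recommendation, consider saying explicitly that the signature must be verified before the binary is passed to `binary_to_term/2`, otherwise the advice can be read as signing for its own sake.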
--
2.26.2