[issue19219] speed up marshal.loads()
STINNER Victor
report at bugs.python.org
Fri Oct 11 13:58:48 CEST 2013
STINNER Victor added the comment:
"You should ensure that loaded bytes are ASCII-only. Otherwise broken or malicious marshalled data will compromise you program."
This is not new, see the red warning in marshal doc:
"""
Warning
The marshal module is not intended to be secure against erroneous or maliciously constructed data. Never unmarshal data received from an untrusted or unauthenticated source.
"""
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue19219>
_______________________________________
More information about the Python-bugs-list
mailing list