Yes, I thought about just using a CRC, but I couldn't figure out the
case of a maliciously formed or manipulated input, where the
serialized object is corrupted, but the checksum is correct. It seems
like the only solution would be to further protect the deserialization
procedure.
Thanks,
Josh
On Aug 13, 2008, at 4:30 AM, felix winkelmann wrote:
> On Wed, Aug 13, 2008 at 8:38 AM, Joshua Griffith
> <[EMAIL PROTECTED]> wrote:
>> Hello,
>>
>> When a serialized object gets corrupted or truncated (which often occurs
>> when it is transmitted over a TCP connection), attempting to deserialize
>> that object results in a "Bus error" and immediate program termination,
>> rather than a raised exception. How difficult would it be to modify the
>> s11n egg so that it fails gracefully upon receipt of corrupted data?
>
> It shouldn't be too hard, one just would have to precede a chunk of
> data with a checksum. I can look into this (unless you need a quick
> solution, because I can't exactly say when I get around to doing so).
>
> cheers,
> felix
_______________________________________________
Chicken-users mailing list
http://lists.nongnu.org/mailman/listinfo/chicken-users
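
Added example, not part of the original thread and not code from the s11n egg: a Python sketch of the distinction raised above, where a CRC-framed object catches truncation and accidental corruption but accepts a manipulated payload whose checksum was recomputed, while an HMAC-framed one rejects it. The frame layout (4-byte length, payload, tag), the function names and the pre-shared key are assumptions made for this illustration.

```python
import hashlib
import hmac
import struct
import zlib

LEN = struct.Struct("!I")      # 4-byte big-endian payload length (constructed layout)
MAC_LEN = hashlib.sha256().digest_size

class FrameError(ValueError):
    """Raised before any bytes reach the deserializer."""

def _split(frame, tag_len):
    # Reject truncated or padded frames up front, as an exception rather than a crash.
    if len(frame) < LEN.size:
        raise FrameError("truncated header")
    (n,) = LEN.unpack_from(frame)
    if len(frame) != LEN.size + n + tag_len:
        raise FrameError("frame length does not match header")
    return frame[LEN.size:LEN.size + n], frame[LEN.size + n:]

def crc_seal(payload):
    return LEN.pack(len(payload)) + payload + LEN.pack(zlib.crc32(payload))

def crc_open(frame):
    payload, tag = _split(frame, LEN.size)
    if LEN.unpack(tag)[0] != zlib.crc32(payload):
        raise FrameError("CRC mismatch")
    return payload

def mac_seal(key, payload):
    head = LEN.pack(len(payload))
    return head + payload + hmac.new(key, head + payload, hashlib.sha256).digest()

def mac_open(key, frame):
    payload, tag = _split(frame, MAC_LEN)
    expected = hmac.new(key, frame[:-MAC_LEN], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise FrameError("MAC mismatch")
    return payload

if __name__ == "__main__":
    good = b"(serialized object bytes)"       # constructed sample payload
    altered = b"(manipulated object bytes)"
    print(crc_open(crc_seal(altered)))        # accepted: anyone can recompute a CRC
    try:
        mac_open(b"receiver key", mac_seal(b"guessed key", altered))
    except FrameError as e:
        print("rejected:", e)
```

A MAC only shows that the frame came from someone holding the key; if key holders are not trusted either, the deserializer still needs its own bounds and type checks.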