[Ruby 1.9 - Feature #4801][Open] Shorthand Hash Syntax for Strings - ruby-core-google

The old Google Groups will be going away soon, but your browser is incompatible with the new version.

« Groups Home

ruby-core-google

Home

Discussions

+ new post

About this group

Join this group

Message from discussion [Ruby 1.9 - Feature #4801][Open] Shorthand Hash Syntax for Strings

Bill Kelly

View profile

More options Jun 1 2011, 11:17 pm

From: Bill Kelly <bi...@cts.com>

Date: Thu, 2 Jun 2011 12:17:01 +0900

Local: Wed, Jun 1 2011 11:17 pm

Subject: [ruby-core:36686] Re: [Ruby 1.9 - Feature #4801][Open] Shorthand Hash Syntax for Strings

Print | View thread | Show original | Report this message | Find messages by this author

Clifford Heath wrote:
> ... the problem
> Cezary is talking about is where code that creates Symbols dynamically
> from Strings, that can create a potentially unbounded number of Symbols,
> none of which can be GC'd.

Agreed.

If a concrete example would help, my objects are receiving
RPC messages from untrusted clients, and I check for valid
messages by Hash lookup.

Ideally the Hash keys would be Symbols, but if I then
convert the untrusted messages to Symbols to perform the
Hash lookup, I've opened my server to a memory leak DoS
exploit.

(On a related note, the RPC protocol supports all Ruby
data types including Symbol, and the untrusted message names
actually *arrive* at the protocol level as Symbols; but by
default, any Symbols are deserialized as Strings when they
reach the remote, because of the same DoS potential.)

Regards,

Bill

Create a group - Google Groups - Google Home - Terms of Service - Privacy Policy

Account Options