authorcharliesome <charliesome@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2013-01-31 12:55:37 +0000
committercharliesome <charliesome@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2013-01-31 12:55:37 +0000
commitf8823475d9fea9f03273ad307a5d20014b1f2cc6 (patch)
tree7e9d2bb6bd45f2d53df788441044708809159feb /marshal.c
parent20af032e82226d672d7d0f158a42e6118e8ee3fa (diff)
downloadruby-f8823475d9fea9f03273ad307a5d20014b1f2cc6.tar.gz
marshal.c: warn against using Marshal.load on untrusted data
* marshal.c (marshal_load): Add documentation warning against using Marshal.load on untrusted data [Bug #7759] [ruby-core:51765] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@38999 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'marshal.c')
-rw-r--r--marshal.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/marshal.c b/marshal.c
index ba633fadae..4774b8a173 100644
--- a/marshal.c
+++ b/marshal.c
@@ -1884,6 +1884,11 @@ clear_load_arg(struct load_arg *arg)
* may be either an instance of IO or an object that responds to
* to_str. If proc is specified, it will be passed each object as it
* is deserialized.
+ *
+ * Never pass untrusted data (including user input) to this method. Doing
+ * so is highly dangerous and can lead to remote code execution. If you
+ * need to deserialize untrusted data, use JSON and only rely on simple
+ * 'primitive' types, such as String, Array, Hash, etc.
*/
static VALUE
marshal_load(int argc, VALUE *argv)
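Review bot: The added paragraph at L27-L30 says what not to do but not why, so a reader cannot judge whether the `proc` argument or input filtering would make an untrusted load safe; the RDoc would be stronger if it named the mechanism, e.g. rewording the second sentence to `By design, Marshal.load can instantiate almost any class loaded into the Ruby process, which is why data from an untrusted source can lead to remote code execution.` The JSON recommendation is also broader than intended: `JSON.load` can create arbitrary objects when its `create_additions` option is enabled, so the text should point to `JSON.parse` specifically (or `JSON.load` with additions disabled) rather than "JSON" in general. The enclosing RDoc comment begins above the hunk, and the body of marshal_load continues past its last line.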