From f8823475d9fea9f03273ad307a5d20014b1f2cc6 Mon Sep 17 00:00:00 2001
From: charliesome
Date: Thu, 31 Jan 2013 12:55:37 +0000
Subject: marshal.c: warn against using Marshal.load on untrusted data

* marshal.c (marshal_load): Add documentation warning against using Marshal.load on untrusted data [Bug #7759] [ruby-core:51765]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@38999 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 marshal.c | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'marshal.c')

diff --git a/marshal.c b/marshal.c
index ba633fadae..4774b8a173 100644
--- a/marshal.c
+++ b/marshal.c
@@ -1884,6 +1884,11 @@ clear_load_arg(struct load_arg *arg)
  * may be either an instance of IO or an object that responds to
  * to_str. If proc is specified, it will be passed each object as it
  * is deserialized.
+ *
+ * Never pass untrusted data (including user input) to this method. Doing
+ * so is highly dangerous and can lead to remote code execution. If you
+ * need to deserialize untrusted data, use JSON and only rely on simple
+ * 'primitive' types, such as String, Array, Hash, etc.
  */
 static VALUE
 marshal_load(int argc, VALUE *argv)
--
cgit v1.2.3
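Review bot: The new paragraph never defines "untrusted", so a reader may conclude that data read from a local file or an internal service is safe to pass to Marshal.load; one more sentence would make the warning actionable, e.g. `* Data is untrusted whenever its origin and integrity have not been verified, such as anything read from a socket, from a file another process can write, or from a client-supplied cookie.` It may also be worth saying explicitly that the +proc+ argument is not a mitigation, since the context line above states it receives each object only after that object has been deserialized, so it presumably cannot prevent the instantiation itself. marshal_load's body begins outside the hunk.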