… | |
… | |
64 | |
64 | |
65 | package CBOR::XS; |
65 | package CBOR::XS; |
66 | |
66 | |
67 | use common::sense; |
67 | use common::sense; |
68 | |
68 | |
69 | our $VERSION = 1.5; |
69 | our $VERSION = 1.51; |
70 | our @ISA = qw(Exporter); |
70 | our @ISA = qw(Exporter); |
71 | |
71 | |
72 | our @EXPORT = qw(encode_cbor decode_cbor); |
72 | our @EXPORT = qw(encode_cbor decode_cbor); |
73 | |
73 | |
74 | use Exporter; |
74 | use Exporter; |
… | |
… | |
180 | reference to the earlier value. |
180 | reference to the earlier value. |
181 | |
181 | |
182 | This means that such values will only be encoded once, and will not result |
182 | This means that such values will only be encoded once, and will not result |
183 | in a deep cloning of the value on decode, in decoders supporting the value |
183 | in a deep cloning of the value on decode, in decoders supporting the value |
184 | sharing extension. This also makes it possible to encode cyclic data |
184 | sharing extension. This also makes it possible to encode cyclic data |
185 | structures (which need C<allow_cycles> to ne enabled to be decoded by this |
185 | structures (which need C<allow_cycles> to be enabled to be decoded by this |
186 | module). |
186 | module). |
187 | |
187 | |
188 | It is recommended to leave it off unless you know your |
188 | It is recommended to leave it off unless you know your |
189 | communication partner supports the value sharing extensions to CBOR |
189 | communication partner supports the value sharing extensions to CBOR |
190 | (L<http://cbor.schmorp.de/value-sharing>), as without decoder support, the |
190 | (L<http://cbor.schmorp.de/value-sharing>), as without decoder support, the |
… | |
… | |
440 | |
440 | |
441 | Resets the incremental decoder. This throws away any saved state, so that |
441 | Resets the incremental decoder. This throws away any saved state, so that |
442 | subsequent calls to C<incr_parse> or C<incr_parse_multiple> start to parse |
442 | subsequent calls to C<incr_parse> or C<incr_parse_multiple> start to parse |
443 | a new CBOR value from the beginning of the C<$buffer> again. |
443 | a new CBOR value from the beginning of the C<$buffer> again. |
444 | |
444 | |
445 | This method can be caled at any time, but it I<must> be called if you want |
445 | This method can be called at any time, but it I<must> be called if you want |
446 | to change your C<$buffer> or there was a decoding error and you want to |
446 | to change your C<$buffer> or there was a decoding error and you want to |
447 | reuse the C<$cbor> object for future incremental parsings. |
447 | reuse the C<$cbor> object for future incremental parsings. |
448 | |
448 | |
449 | =back |
449 | =back |
450 | |
450 | |
… | |
… | |
985 | |
985 | |
986 | First of all, your CBOR decoder should be secure, that is, should not have |
986 | First of all, your CBOR decoder should be secure, that is, should not have |
987 | any buffer overflows. Obviously, this module should ensure that and I am |
987 | any buffer overflows. Obviously, this module should ensure that and I am |
988 | trying hard on making that true, but you never know. |
988 | trying hard on making that true, but you never know. |
989 | |
989 | |
|
|
990 | Second, CBOR::XS supports object serialisation - decoding CBOR can cause |
|
|
991 | calls to I<any> C<THAW> method in I<any> package that exists in your |
|
|
992 | process (that is, CBOR::XS will not try to load modules, but any existing |
|
|
993 | C<THAW> method or function can be called, so they all have to be secure). |
|
|
994 | |
990 | Second, you need to avoid resource-starving attacks. That means you should |
995 | Third, you need to avoid resource-starving attacks. That means you should |
991 | limit the size of CBOR data you accept, or make sure then when your |
996 | limit the size of CBOR data you accept, or make sure then when your |
992 | resources run out, that's just fine (e.g. by using a separate process that |
997 | resources run out, that's just fine (e.g. by using a separate process that |
993 | can crash safely). The size of a CBOR string in octets is usually a good |
998 | can crash safely). The size of a CBOR string in octets is usually a good |
994 | indication of the size of the resources required to decode it into a Perl |
999 | indication of the size of the resources required to decode it into a Perl |
995 | structure. While CBOR::XS can check the size of the CBOR text, it might be |
1000 | structure. While CBOR::XS can check the size of the CBOR text, it might be |
996 | too late when you already have it in memory, so you might want to check |
1001 | too late when you already have it in memory, so you might want to check |
997 | the size before you accept the string. |
1002 | the size before you accept the string. |
998 | |
1003 | |
999 | Third, CBOR::XS recurses using the C stack when decoding objects and |
1004 | Fourth, CBOR::XS recurses using the C stack when decoding objects and |
1000 | arrays. The C stack is a limited resource: for instance, on my amd64 |
1005 | arrays. The C stack is a limited resource: for instance, on my amd64 |
1001 | machine with 8MB of stack size I can decode around 180k nested arrays but |
1006 | machine with 8MB of stack size I can decode around 180k nested arrays but |
1002 | only 14k nested CBOR objects (due to perl itself recursing deeply on croak |
1007 | only 14k nested CBOR objects (due to perl itself recursing deeply on croak |
1003 | to free the temporary). If that is exceeded, the program crashes. To be |
1008 | to free the temporary). If that is exceeded, the program crashes. To be |
1004 | conservative, the default nesting limit is set to 512. If your process |
1009 | conservative, the default nesting limit is set to 512. If your process |
… | |
… | |
1093 | |
1098 | |
1094 | Please refrain from using rt.cpan.org or any other bug reporting |
1099 | Please refrain from using rt.cpan.org or any other bug reporting |
1095 | service. I put the contact address into my modules for a reason. |
1100 | service. I put the contact address into my modules for a reason. |
1096 | |
1101 | |
1097 | =cut |
1102 | =cut |
|
|
1103 | |
|
|
1104 | # clumsy hv_store-in-perl |
|
|
1105 | sub _hv_store { |
|
|
1106 | $_[0]{$_[1]} = $_[2]; |
|
|
1107 | } |
1098 | |
1108 | |
1099 | our %FILTER = ( |
1109 | our %FILTER = ( |
1100 | 0 => sub { # rfc4287 datetime, utf-8 |
1110 | 0 => sub { # rfc4287 datetime, utf-8 |
1101 | require Time::Piece; |
1111 | require Time::Piece; |
1102 | # Time::Piece::Strptime uses the "incredibly flexible date parsing routine" |
1112 | # Time::Piece::Strptime uses the "incredibly flexible date parsing routine" |