You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@couchdb.apache.org by rn...@apache.org on 2020/04/23 19:45:51 UTC

[couchdb] 01/01: safer binary_to_term in mango_json_bookmark

This is an automated email from the ASF dual-hosted git repository.

rnewson pushed a commit to branch mango-bookmark-master
in repository https://gitbox.apache.org/repos/asf/couchdb.git

commit f332f43fca31bd6be57d58a0ae1a24439f57a716
Author: Robert Newson <rn...@apache.org>
AuthorDate: Thu Apr 23 20:45:07 2020 +0100

    safer binary_to_term in mango_json_bookmark
---
 src/mango/src/mango_json_bookmark.erl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/mango/src/mango_json_bookmark.erl b/src/mango/src/mango_json_bookmark.erl
index 97f81cf..83fd00f 100644
--- a/src/mango/src/mango_json_bookmark.erl
+++ b/src/mango/src/mango_json_bookmark.erl
@@ -54,7 +54,7 @@ unpack(nil) ->
     nil;
 unpack(Packed) ->
     try
-        Bookmark = binary_to_term(couch_util:decodeBase64Url(Packed)),
+        Bookmark = binary_to_term(couch_util:decodeBase64Url(Packed), [safe]),
         verify(Bookmark)
     catch _:_ ->
         ?MANGO_ERROR({invalid_bookmark, Packed})