[couchdb] branch mango-bookmark-master created (now f332f43)

[rn...@apache.org]

This is an automated email from the ASF dual-hosted git repository.

rnewson pushed a change to branch mango-bookmark-master
in repository https://gitbox.apache.org/repos/asf/couchdb.git.


      at f332f43  safer binary_to_term in mango_json_bookmark

This branch includes the following new commits:

     new f332f43  safer binary_to_term in mango_json_bookmark

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.

[couchdb] 01/01: safer binary_to_term in mango_json_bookmark

[rn...@apache.org]

This is an automated email from the ASF dual-hosted git repository.

rnewson pushed a commit to branch mango-bookmark-master
in repository https://gitbox.apache.org/repos/asf/couchdb.git

commit f332f43fca31bd6be57d58a0ae1a24439f57a716
Author: Robert Newson <rn...@apache.org>
AuthorDate: Thu Apr 23 20:45:07 2020 +0100

    safer binary_to_term in mango_json_bookmark
---
 src/mango/src/mango_json_bookmark.erl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/mango/src/mango_json_bookmark.erl b/src/mango/src/mango_json_bookmark.erl
index 97f81cf..83fd00f 100644
--- a/src/mango/src/mango_json_bookmark.erl
+++ b/src/mango/src/mango_json_bookmark.erl
@@ -54,7 +54,7 @@ unpack(nil) ->
     nil;
 unpack(Packed) ->
     try
-        Bookmark = binary_to_term(couch_util:decodeBase64Url(Packed)),
+        Bookmark = binary_to_term(couch_util:decodeBase64Url(Packed), [safe]),
         verify(Bookmark)
     catch _:_ ->
         ?MANGO_ERROR({invalid_bookmark, Packed})