[couchdb] branch mango-bookmark-3.x created (now 28ddd52)

[rn...@apache.org]

This is an automated email from the ASF dual-hosted git repository.

rnewson pushed a change to branch mango-bookmark-3.x
in repository https://gitbox.apache.org/repos/asf/couchdb.git.


      at 28ddd52  safer binary_to_term in mango_json_bookmark

This branch includes the following new commits:

     new 28ddd52  safer binary_to_term in mango_json_bookmark

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.

[couchdb] 01/01: safer binary_to_term in mango_json_bookmark

[rn...@apache.org]

This is an automated email from the ASF dual-hosted git repository.

rnewson pushed a commit to branch mango-bookmark-3.x
in repository https://gitbox.apache.org/repos/asf/couchdb.git

commit 28ddd528d825bea8546fcf7cf518600c304f4836
Author: Robert Newson <rn...@apache.org>
AuthorDate: Thu Apr 23 20:43:59 2020 +0100

    safer binary_to_term in mango_json_bookmark
---
 src/mango/src/mango_json_bookmark.erl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/mango/src/mango_json_bookmark.erl b/src/mango/src/mango_json_bookmark.erl
index 97f81cf..83fd00f 100644
--- a/src/mango/src/mango_json_bookmark.erl
+++ b/src/mango/src/mango_json_bookmark.erl
@@ -54,7 +54,7 @@ unpack(nil) ->
     nil;
 unpack(Packed) ->
     try
-        Bookmark = binary_to_term(couch_util:decodeBase64Url(Packed)),
+        Bookmark = binary_to_term(couch_util:decodeBase64Url(Packed), [safe]),
         verify(Bookmark)
     catch _:_ ->
         ?MANGO_ERROR({invalid_bookmark, Packed})