Erlang/OTP Forums
Author Message

<  Advanced Erlang/OTP  ~  list_to_atom(String) and D.O.S. attacs
andreas
Posted: Fri Jul 07, 2006 1:33 pm Reply with quote
User Joined: 03 Jul 2006 Posts: 17
Be careful when using list_to_atom(String) function on post data or in other situations where an external source could send data. Becuse there are a limited number of atoms and they are not garbage collected. If you use them up, any attempts to generat a atom will crash.

So the list_to_atom(String) function should only be used if:

  • You have a finit set of values!
  • You have validate that the value is a member of the finit set of valid values!
Back to top View user's profile Send private message
noss
Posted: Thu Jul 13, 2006 8:41 am Reply with quote
User Joined: 09 Oct 2005 Posts: 290
andreas wrote:

So the list_to_atom(String) function should only be used if:

  • You have a finit set of values!
  • You have validate that the value is a member of the finit set of valid values!


The function list_to_existing_atom/1 is new in R10B-8 (http://www.erlang.org/download/otp_src_R10B-8.readme).

It will not create new atoms, only return atoms when there is already an atom by that name interned.
Back to top View user's profile Send private message
francesco
Posted: Wed Jul 19, 2006 7:31 am Reply with quote
User Joined: 07 Jul 2006 Posts: 249 Location: London
As you say, the solution to that problem is to not use atom_to_list. The function should not be used on dynamic content in the first place, yaws post data included. The exception is if you have a finante set of data which has already been validated.

Thomas Lindgren had an interesting presentation at the ACM SIGPLAN Erlang workshop in Tallinn (2005) on how to GC atoms. I am not sure if he has implemented his ideas yet.

Francesco
Back to top View user's profile Send private message Visit poster's website

Display posts from previous:  

All times are GMT
View next topic
View previous topic
Page 1 of 1
Erlang Forum - Trap Exit Forum Index  ~  Advanced Erlang/OTP
This forum is locked: you cannot post, reply to, or edit topics.

Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum
Hosted by Erlang Solutions    |    Powered by phpBB and NoseBleed 1.14