marshal.c: warn against using Marshal.load on untrusted data

* marshal.c (marshal_load): Add documentation warning against using Marshal.load on untrusted data [Bug #7759] [ruby-core:51765] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@38999 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2013-01-31 12:55:37 +00:00 · 2013-01-31 12:55:37 +00:00 · f8823475d9
--- a/5
+++ b/5
@ -1,3 +1,8 @@
+Thu Jan 31 21:55:00 2013  Charlie Somerville  <charlie@charliesomerville.com>
+
+	* marshal.c (marshal_load): Add documentation warning against using
+	  Marshal.load on untrusted data [Bug #7759] [ruby-core:51765]
+
 Thu Jan 31 16:33:27 2013  Nobuyoshi Nakada  <nobu@ruby-lang.org>

 	* parse.y (local_push_gen): no assigned but unused variable warnings
--- a/marshal.c
+++ b/marshal.c
@ -1884,6 +1884,11 @@ clear_load_arg(struct load_arg *arg)
 * may be either an instance of IO or an object that responds to
 * to_str. If proc is specified, it will be passed each object as it
 * is deserialized.
+ *
+ * Never pass untrusted data (including user input) to this method. Doing
+ * so is highly dangerous and can lead to remote code execution. If you
+ * need to deserialize untrusted data, use JSON and only rely on simple
+ * 'primitive' types, such as String, Array, Hash, etc.
 */
 static VALUE
 marshal_load(int argc, VALUE *argv)