This site is a static rendering of the Trac instance that was used by R7RS-WG1 for its work on R7RS-small (PDF), which was ratified in 2013. For more information, see Home.

Ticket 529: Read-line permits DoS attacks

2013-07-07 03:20:44
WG1 - Core
2013-05-13 17:53:20

Peter Bex writes:

I somehow overlooked the addition of "read-line", which I think might be a bad idea considering it does not support a limit of how much to read (allowing user input to cause an out of memory situation, leading to denial of service). Luckily, a limit as an optional second argument is a pretty straightforward extension which my favorite Scheme [Chicken] already supports.

The very old and standard procedure read also does not support any kind of limit, and it would need several: a sequence length limit, a nesting depth limit, a bignum size limit, and a character name length limit. A library could easily be created with attack-safe versions of read and read-line, or as you say it could be an extension.
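The bounded variant the ticket proposes, as an added example written for this page in R7RS-small Scheme; it is not code from the ticket, from Chicken, or from the R7RS report. The procedure name bounded-read-line, the Chicken-style argument order (port first, then limit, both optional), and the choice to raise an error-object when the limit is exceeded rather than silently truncating are all assumptions of this example. The sample input is constructed.

```scheme
;; Added example (not from the ticket, Chicken, or R7RS): read-line with an
;; optional maximum line length, so untrusted input cannot make the reader
;; buffer an unbounded amount of memory. Uses only R7RS-small procedures.
;;
;; (bounded-read-line [port [limit]])
;;   Returns the next line as a string (without the terminating newline),
;;   or the eof-object if no characters remain. If LIMIT is given and more
;;   than LIMIT characters arrive before a newline, an error is raised
;;   (assumption of this example; a real port could also truncate instead).
(define (bounded-read-line . args)
  (let ((port  (if (pair? args) (car args) (current-input-port)))
        (limit (if (and (pair? args) (pair? (cdr args))) (cadr args) #f)))
    (let loop ((chars '()) (count 0))
      (let ((c (read-char port)))
        (cond
          ((eof-object? c)
           ;; End of input: return what was read, or eof if nothing was.
           (if (null? chars) c (list->string (reverse chars))))
          ((char=? c #\newline)
           (list->string (reverse chars)))
          ((and limit (>= count limit))
           ;; At most LIMIT characters are ever held in CHARS; stop here
           ;; instead of growing the buffer with the rest of the line.
           (error "bounded-read-line: line exceeds limit" limit))
          (else
           (loop (cons c chars) (+ count 1))))))))

;; Constructed sample input: one ordinary line, then a 20-character line.
(define sample
  (open-input-string "short line\nxxxxxxxxxxxxxxxxxxxx\n"))

(display (bounded-read-line sample 64))   ; prints: short line
(newline)

;; The second line is longer than the limit of 8, so the call raises an
;; error-object after consuming 9 characters rather than reading further.
(guard (e ((error-object? e)
           (display "rejected: ")
           (display (error-object-message e))
           (display " ")
           (display (error-object-irritants e))
           (newline)))
  (bounded-read-line sample 8))
```

Raising rather than truncating is the safer default for a protocol or configuration reader: a silently shortened line can be mis-parsed as a complete record, whereas an error lets the caller close the connection or skip the input explicitly.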


The WG decided by unanimous consent to take no action on this ticket.