(perl #132147) add security warnings to the *DBM_File modules

author: Tony Cook <tony@develop-help.com> 2018-01-24 15:03:39 +1100
committer: Tony Cook <tony@develop-help.com> 2018-11-05 10:19:05 +1100
commit: e459aaffe40291395017cc002fc6d261e7cae0ae (patch)
tree: 2dae59e2da7acd1d1d1229ad485321e085e149ee /ext/SDBM_File
parent: f196658042490a6287fc178f0bc20fd5558ac54b (diff)
download: perl-e459aaffe40291395017cc002fc6d261e7cae0ae.tar.gz
1 files changed, 8 insertions, 0 deletions
diff --git a/ext/SDBM_File/SDBM_File.pm b/ext/SDBM_File/SDBM_File.pm
index 5df9085760..7be9263417 100644
--- a/ext/SDBM_File/SDBM_File.pm
+++ b/ext/SDBM_File/SDBM_File.pm
@@ -119,6 +119,14 @@ This warning is emitted when you try to store a key or a value that
 is too long.  It means that the change was not recorded in the
 database.  See BUGS AND WARNINGS below.
 
+=head1 SECURITY WARNING
+
+B<Do not accept SDBM files from untrusted sources!>
+
+The sdbm file format was designed for speed and convenience, not for
+portability or security.  A maliciously crafted file might cause perl to
+crash or even expose a security vulnerability.
+
 =head1 BUGS AND WARNINGS
 
 There are a number of limits on the size of the data that you can
author	Tony Cook <tony@develop-help.com>	2018-01-24 15:03:39 +1100
committer	Tony Cook <tony@develop-help.com>	2018-11-05 10:19:05 +1100
commit	e459aaffe40291395017cc002fc6d261e7cae0ae (patch)
tree	2dae59e2da7acd1d1d1229ad485321e085e149ee /ext/SDBM_File
parent	f196658042490a6287fc178f0bc20fd5558ac54b (diff)
download	perl-e459aaffe40291395017cc002fc6d261e7cae0ae.tar.gz