[−][src]Struct capnp::message::ReaderOptions
Options controlling how data is read.
Fields
traversal_limit_in_words: u64
Limits how many total words of data are allowed to be traversed. Traversal is counted when a new struct or list builder is obtained, e.g. from a get() accessor. This means that calling the getter for the same sub-struct multiple times will cause it to be double-counted. Once the traversal limit is reached, an error will be reported.
This limit exists for security reasons. It is possible for an attacker to construct a message in which multiple pointers point at the same location. This is technically invalid, but hard to detect. Using such a message, an attacker could cause a message which is small on the wire to appear much larger when actually traversed, possibly exhausting server resources leading to denial-of-service.
It makes sense to set a traversal limit that is much larger than the underlying message. Together with sensible coding practices (e.g. trying to avoid calling sub-object getters multiple times, which is expensive anyway), this should provide adequate protection without inconvenience.
nesting_limit: i32
Limits how deeply nested a message structure can be, e.g. structs containing other structs or lists of structs.
Like the traversal limit, this limit exists for security reasons. Since it is common to use recursive code to traverse recursive data structures, an attacker could easily cause a stack overflow by sending a very-depply-nested (or even cyclic) message, without the message even being very large. The default limit of 64 is probably low enough to prevent any chance of stack overflow, yet high enough that it is never a problem in practice.
Methods
impl ReaderOptions
[src]
pub fn new() -> ReaderOptions
[src]
pub fn nesting_limit<'a>(&'a mut self, value: i32) -> &'a mut ReaderOptions
[src]
pub fn traversal_limit_in_words<'a>(
&'a mut self,
value: u64
) -> &'a mut ReaderOptions
[src]
&'a mut self,
value: u64
) -> &'a mut ReaderOptions
Trait Implementations
impl Clone for ReaderOptions
[src]
fn clone(&self) -> ReaderOptions
[src]
fn clone_from(&mut self, source: &Self)
1.0.0[src]
impl Copy for ReaderOptions
[src]
impl Default for ReaderOptions
[src]
fn default() -> ReaderOptions
[src]
impl Debug for ReaderOptions
[src]
Auto Trait Implementations
impl Send for ReaderOptions
impl Sync for ReaderOptions
impl Unpin for ReaderOptions
impl UnwindSafe for ReaderOptions
impl RefUnwindSafe for ReaderOptions
Blanket Implementations
impl<T, U> Into<U> for T where
U: From<T>,
[src]
U: From<T>,
impl<T> From<T> for T
[src]
impl<T> ToOwned for T where
T: Clone,
[src]
T: Clone,
type Owned = T
The resulting type after obtaining ownership.
fn to_owned(&self) -> T
[src]
fn clone_into(&self, target: &mut T)
[src]
impl<T, U> TryFrom<U> for T where
U: Into<T>,
[src]
U: Into<T>,
type Error = Infallible
The type returned in the event of a conversion error.
fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>
[src]
impl<T, U> TryInto<U> for T where
U: TryFrom<T>,
[src]
U: TryFrom<T>,
type Error = <U as TryFrom<T>>::Error
The type returned in the event of a conversion error.
fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>
[src]
impl<T> Borrow<T> for T where
T: ?Sized,
[src]
T: ?Sized,
impl<T> BorrowMut<T> for T where
T: ?Sized,
[src]
T: ?Sized,
fn borrow_mut(&mut self) -> &mut T
[src]
impl<T> Any for T where
T: 'static + ?Sized,
[src]
T: 'static + ?Sized,