Boost serialization: check whether a stream is "good"

Posted on 2024-12-12 10:32:35 · 228 words · 3 views · 0 comments

I currently develop a server application which has to receive serialized data from clients, deserialize it and finally process it. The serialized data is sent in form of an array of chars. My problem is that my application can be easily broken by sending invalid data to it. So I wanted to ask whether it's possible to check a string(-stream) and see whether it's good for (de-)serialization (e.g. whether it has a valid signature) before trying to get data from it.

By the way: as the title already says, my application uses boost.serialization.

Many thanks in advance :)

Comments (1)

苏大泽ㄣ 2024-12-19 10:32:35

I assume you want to do a lightweight check, without having to read all the data (in which case handling the exceptions is as efficient as it will get).

I just tested success with this simple function:

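bool can_deserialize(std::istream& is)
{
    bool ok = false;
    is.seekg(0, std::ios_base::beg);

    try
    {
        // Constructing the archive reads and validates the archive header only
        boost::archive::binary_iarchive ia(is);
        unsigned test = ia.get_library_version();
        (void)test; // value is not needed, only that reading it did not throw
        ok = true;
    } catch (...) { }

    // Reset error flags first: seekg() does nothing while failbit is set
    is.clear();
    is.seekg(0, std::ios_base::beg);
    return ok;
}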

Here is a simple test harness that I used (manipulating the data in data.bin before deserialization to check for 'bad streams'):

#include <boost/archive/binary_iarchive.hpp>
#include <boost/archive/binary_oarchive.hpp>
#include <boost/serialization/vector.hpp>
#include <fstream>
#include <iostream>

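bool can_deserialize(std::istream& is)
{
    bool ok = false;
    is.seekg(0, std::ios_base::beg);

    try
    {
        // Constructing the archive reads and validates the archive header only
        boost::archive::binary_iarchive ia(is);
        unsigned test = ia.get_library_version();
        (void)test; // value is not needed, only that reading it did not throw
        ok = true;
    } catch (...) { }

    // Reset error flags first: seekg() does nothing while failbit is set
    is.clear();
    is.seekg(0, std::ios_base::beg);
    return ok;
}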

int main()
{
    std::vector<int> data = { 19415, -2611, 12092, -3942, -2535, 12105, 21079, 4660, 3,
        27131, 13647, 24428, 15159, 9029, 24827, -979, 17194, 25102, -3631,
        20914, -3223, 25801, 6652, 26208, -77, 15606, 8764, 1896, 7430, 24323,
        -152, 23805, -4259, 11243, 13367, 23559, 19293, 18581, 1639, 15671,
        7929, 18386, 5168, 13816, 465, 15801, 16750, -3340, -202, 10412, 11068,
        13458, 24304, 14814, 6530, 1178, -974, 12882, 757, 583, 4897, 24541,
        12490, -119, 2240, -4833, 569, 24700, 24522, 8708, 9760, 26837, 26060,
        20914, -3223, 25801, 6652, 26208, -77, 15606, 8764, 1896, 7430, 24323,
        3377, 6972, 25689, 2334, 1567, 21670, 23233, 14711, 4650, -4703, 25057,
        16057, 19488, 14575, 18936, 13346, 2779, 5644, 17165, 4526, 4390,
        9616, 2413, 14459, -1070, -4079, 22126, 9063, 4362, 8182, 24439, 23625,
        7929, 18386, 5168, 13816, 465, 15801, 16750, -3340, -202, 10412, 11068,
        4184, 25930, 24767, 2785, 17361, 18033, 12366, 20548, -3831, -4101,
        16841, -193, 23217, 6351, 19077, 23565, 10482, 4100, 27488, 15956,
        -2577, 7161, 20943, 25708, -2877, 7900, -4564, -3647, 12008, 1648,
        10533 };

    {
        std::ofstream ofs("data.bin", std::ios::out | std::ios::binary);
        boost::archive::binary_oarchive oa(ofs);

        oa & data;
        ofs.flush();
        ofs.close();
    }

    {
        std::ifstream ifs("data.bin", std::ios::in | std::ios::binary);
        if (can_deserialize(ifs))
        {
            std::cout << "OK! going to read..." << std::endl;

            boost::archive::binary_iarchive ia(ifs);
            std::vector<int> cloned;
            ia & cloned;

            std::cout << "Read " << cloned.size() << " records" << std::endl;
        }
        else
            std::cout << "not OK! -- skipping data read" << std::endl;
    }

}
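
can_deserialize() only reads the archive header, so a stream that passes it can still carry a body that is truncated or inconsistent, and the real load still has to be bounded and guarded. The added example below is not part of the answer above; it uses a constructed stand-in frame layout (not Boost's wire format) and hypothetical names `kMagic`, `kMaxFrame`, `header_ok`, `decode_ints` and `make_frame` to show a header-only check accepting a frame that a bounds-checked full decode rejects.

```cpp
// Added illustration. The frame layout is a constructed stand-in,
// not Boost.Serialization's wire format; all names are hypothetical.
#include <cstdint>
#include <cstring>
#include <iostream>
#include <string>
#include <vector>

const char kMagic[4] = {'D', 'E', 'M', 'O'};          // stand-in signature
const std::size_t kHeader = sizeof kMagic + sizeof(std::uint32_t);
const std::size_t kMaxFrame = 64 * 1024;              // assumed per-message cap

// Header-only check, the analogue of can_deserialize(): it says nothing about the body.
bool header_ok(const std::string& buf)
{
    return buf.size() >= kHeader && std::memcmp(buf.data(), kMagic, sizeof kMagic) == 0;
}

// Full decode: the sender-supplied count is checked against the bytes received
// before it sizes any allocation or copy.
bool decode_ints(const std::string& buf, std::vector<std::int32_t>& out)
{
    if (buf.size() > kMaxFrame || !header_ok(buf)) return false;
    std::uint32_t count = 0;
    std::memcpy(&count, buf.data() + sizeof kMagic, sizeof count);
    const std::size_t body = buf.size() - kHeader;
    if (body % sizeof(std::int32_t) != 0 || count != body / sizeof(std::int32_t))
        return false;
    out.assign(count, 0);
    if (count != 0) std::memcpy(out.data(), buf.data() + kHeader, body);
    return true;
}

// Builds a frame (native byte order); claimed lets the caller misstate the count.
std::string make_frame(const std::vector<std::int32_t>& v, std::uint32_t claimed)
{
    std::string f(kMagic, sizeof kMagic);
    f.append(reinterpret_cast<const char*>(&claimed), sizeof claimed);
    if (!v.empty())
        f.append(reinterpret_cast<const char*>(v.data()), v.size() * sizeof(std::int32_t));
    return f;
}

int main()
{
    const std::vector<std::int32_t> v = {19415, -2611, 12092};  // constructed sample
    std::vector<std::int32_t> out;
    const std::string lying = make_frame(v, 0xFFFFFFFFu);       // valid header, bad count
    std::cout << header_ok(lying) << ' ' << decode_ints(lying, out) << '\n';
}
```

With Boost itself the same split applies: keep the header check as a cheap early reject, cap the received size, and keep the full `ia & cloned;` load inside a try/catch.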