[][src]Struct capnp::message::ReaderOptions

pub struct ReaderOptions {
    pub traversal_limit_in_words: u64,
    pub nesting_limit: i32,

Options controlling how data is read.


traversal_limit_in_words: u64

Limits how many total words of data are allowed to be traversed. Traversal is counted when a new struct or list builder is obtained, e.g. from a get() accessor. This means that calling the getter for the same sub-struct multiple times will cause it to be double-counted. Once the traversal limit is reached, an error will be reported.

This limit exists for security reasons. It is possible for an attacker to construct a message in which multiple pointers point at the same location. This is technically invalid, but hard to detect. Using such a message, an attacker could cause a message which is small on the wire to appear much larger when actually traversed, possibly exhausting server resources leading to denial-of-service.

It makes sense to set a traversal limit that is much larger than the underlying message. Together with sensible coding practices (e.g. trying to avoid calling sub-object getters multiple times, which is expensive anyway), this should provide adequate protection without inconvenience.

nesting_limit: i32

Limits how deeply nested a message structure can be, e.g. structs containing other structs or lists of structs.

Like the traversal limit, this limit exists for security reasons. Since it is common to use recursive code to traverse recursive data structures, an attacker could easily cause a stack overflow by sending a very-depply-nested (or even cyclic) message, without the message even being very large. The default limit of 64 is probably low enough to prevent any chance of stack overflow, yet high enough that it is never a problem in practice.


impl ReaderOptions[src]

pub fn new() -> ReaderOptions[src]

pub fn nesting_limit<'a>(&'a mut self, value: i32) -> &'a mut ReaderOptions[src]

pub fn traversal_limit_in_words<'a>(
    &'a mut self,
    value: u64
) -> &'a mut ReaderOptions

Trait Implementations

impl Clone for ReaderOptions[src]

impl Copy for ReaderOptions[src]

impl Debug for ReaderOptions[src]

impl Default for ReaderOptions[src]

Auto Trait Implementations

impl RefUnwindSafe for ReaderOptions

impl Send for ReaderOptions

impl Sync for ReaderOptions

impl Unpin for ReaderOptions

impl UnwindSafe for ReaderOptions

Blanket Implementations

impl<T> Any for T where
    T: 'static + ?Sized

impl<T> Borrow<T> for T where
    T: ?Sized

impl<T> BorrowMut<T> for T where
    T: ?Sized

impl<T> From<T> for T[src]

impl<T, U> Into<U> for T where
    U: From<T>, 

impl<T> ToOwned for T where
    T: Clone

type Owned = T

The resulting type after obtaining ownership.

impl<T, U> TryFrom<U> for T where
    U: Into<T>, 

type Error = Infallible

The type returned in the event of a conversion error.

impl<T, U> TryInto<U> for T where
    U: TryFrom<T>, 

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.