问题描述
我目前正在开发一个服务器应用程序,该应用程序必须从客户端接收序列化的数据,对其进行反序列化并最终对其进行处理.序列化的数据以char数组的形式发送.我的问题是,通过向应用程序发送无效数据可以很容易地破坏它.因此,我想问问是否有可能在尝试从字符串(流)中获取数据之前,先检查它是否对反序列化(例如,它是否具有有效的签名)是否有用.
I currently develop a server application which has to receive serialized data from clients, deserialize it and finally process it. The serialized data is sent in form of an array of chars. My problem is that my application can be easily broken by sending invalid data to it. So I wanted to ask whether it's possible to check a string(-stream) and see whether it's good for (de-)serialization (e.g. whether it has a valid signature) before trying to get data from it.
顺便说一句:正如标题所言,我的应用程序使用boost.serialization.
By the way: as the title already says, my application uses boost.serialization.
非常感谢:)
推荐答案
我假设您想进行 lightweight 检查,而不需要读取所有数据(在这种情况下,处理异常的效率很高会得到的.)
I assume you want to do a lightweight check, without requiring to read all data (in which case handling the exceptions is as efficient as it will get).
我刚刚使用此简单功能测试了成功:
I just tested success with this simple function:
bool can_deserialize(std::istream& is)
{
bool ok = false;
is.seekg(0, std::ios_base::beg);
try
{
boost::archive::binary_iarchive ia(is);
unsigned test = ia.get_library_version();
ok = true;
} catch (...) { }
is.seekg(0, std::ios_base::beg);
is.clear();
return ok;
}
这是我使用的简单测试工具(在反序列化之前处理data.bin中的数据以检查不良流"):
Here is a simple test harness that I used (manipulating the data in data.bin before deserialization to check for 'bad streams'):
#include <boost/archive/binary_iarchive.hpp>
#include <boost/archive/binary_oarchive.hpp>
#include <boost/serialization/vector.hpp>
#include <fstream>
#include <iostream>
bool can_deserialize(std::istream& is)
{
bool ok = false;
is.seekg(0, std::ios_base::beg);
try
{
boost::archive::binary_iarchive ia(is);
unsigned test = ia.get_library_version();
ok = true;
} catch (...) { }
is.seekg(0, std::ios_base::beg);
is.clear();
return ok;
}
int main()
{
std::vector<int> data = { 19415, -2611, 12092, -3942, -2535, 12105, 21079, 4660, 3,
27131, 13647, 24428, 15159, 9029, 24827, -979, 17194, 25102, -3631,
20914, -3223, 25801, 6652, 26208, -77, 15606, 8764, 1896, 7430, 24323,
-152, 23805, -4259, 11243, 13367, 23559, 19293, 18581, 1639, 15671,
7929, 18386, 5168, 13816, 465, 15801, 16750, -3340, -202, 10412, 11068,
13458, 24304, 14814, 6530, 1178, -974, 12882, 757, 583, 4897, 24541,
12490, -119, 2240, -4833, 569, 24700, 24522, 8708, 9760, 26837, 26060,
20914, -3223, 25801, 6652, 26208, -77, 15606, 8764, 1896, 7430, 24323,
3377, 6972, 25689, 2334, 1567, 21670, 23233, 14711, 4650, -4703, 25057,
16057, 19488, 14575, 18936, 13346, 2779, 5644, 17165, 4526, 4390,
9616, 2413, 14459, -1070, -4079, 22126, 9063, 4362, 8182, 24439, 23625,
7929, 18386, 5168, 13816, 465, 15801, 16750, -3340, -202, 10412, 11068,
4184, 25930, 24767, 2785, 17361, 18033, 12366, 20548, -3831, -4101,
16841, -193, 23217, 6351, 19077, 23565, 10482, 4100, 27488, 15956,
-2577, 7161, 20943, 25708, -2877, 7900, -4564, -3647, 12008, 1648,
10533 };
{
std::ofstream ofs("data.bin", std::ios::out | std::ios::binary);
boost::archive::binary_oarchive oa(ofs);
oa & data;
ofs.flush();
ofs.close();
}
{
std::ifstream ifs("data.bin", std::ios::in | std::ios::binary);
if (can_deserialize(ifs))
{
std::cout << "OK! going to read..." << std::endl;
boost::archive::binary_iarchive ia(ifs);
std::vector<int> cloned;
ia & cloned;
std::cout << "Read " << cloned.size() << " records" << std::endl;
}
else
std::cout << "not OK! -- skipping data read" << std::endl;
}
}
这篇关于增强序列化:查看流是否为“好"序列.的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!