
Re: Safely reading line by line

by RMGir (Prior)
on Jun 27, 2007 at 12:28 UTC (#623602)

in reply to Safely reading line by line

Assuming $fh is a handle to a file, File::Util has an interesting idea. It has a "readlimit" method that limits the size of file it will open.

Of course, if your attacker has local access, or you're reading from a socket, that won't save you, since the file could get appended or modified AFTER you've opened it.

Letting the interpreter crash is looking quite tempting :) Of course, that's only an option if it's not going to result in a denial-of-service attack.

I think your idea of writing your own buffering length-limited readline in terms of read or sysread is probably the way to go, but it's going to be mildly complex if you want to make it efficient... Of course, if you do work that out, it'd probably be a nice addition to IO::Handle.

A reasonable alternative may be to recast your loop in terms of fixed-length reads, rather than line reads. But for line-oriented data, that's a pain :(

Hmmm, this wasn't a very helpful response, was it? Sorry about that. You've brought up an interesting problem, and I don't know what the right answer is, but hopefully one of these rambles sparks an idea for someone who DOES know.


Re^2: Safely reading line by line
by moritz (Cardinal) on Jun 27, 2007 at 12:38 UTC
    Your post was helpful indeed, but there is a thing to consider (and the reason for me to propose crashing the interpreter ;-)

    If you read data line by line, that's usually because you need it line by line.

    Depending on your application it might be possible to handle incomplete lines without much change to your program, or it might not.

    If there is a good reason for line based reading, and the line doesn't fit into RAM, you're lost anyway. (Not always, but still rather often).

    On the other hand if the line based reading is just a method of chunking the data, then the approach that uses a read limit is probably the way to go.
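
Added example, not part of either post above: one way to write the buffering, length-limited readline RMGir describes, on top of sysread, dying on an over-long line instead of growing the buffer. The name `bounded_line_reader`, the 16-byte limit and the 8-byte chunk are assumptions for illustration, and the input is a constructed sample held in an anonymous temp file.

```perl
use strict;
use warnings;

# Hypothetical helper (not a core or CPAN API). Returns an iterator that
# yields one line per call, nothing at EOF, and dies once a line's content
# exceeds $max bytes. The buffer never holds more than $max + $chunk bytes,
# however long the input runs without a newline.
# Do not mix with readline/read/eof on the same handle: sysread bypasses
# Perl's own buffering.
sub bounded_line_reader {
    my ($fh, $max, $chunk) = @_;
    $chunk ||= 8192;
    my ($buf, $eof) = ('', 0);
    return sub {
        while (1) {
            my $nl = index($buf, "\n");
            if ($nl >= 0) {
                die "line exceeds $max bytes\n" if $nl > $max;
                return substr($buf, 0, $nl + 1, '');    # cut the line out of the buffer
            }
            # No newline yet: refuse to buffer past the limit.
            die "line exceeds $max bytes\n" if length($buf) > $max;
            if ($eof) {
                return unless length $buf;
                return substr($buf, 0, length($buf), '');    # last line, no trailing newline
            }
            my $n = sysread($fh, $buf, $chunk, length $buf);    # append to the buffer
            next if !defined $n && $!{EINTR};                   # interrupted, retry
            die "read failed: $!\n" unless defined $n;
            $eof = 1 if $n == 0;
        }
    };
}

# Constructed sample input: one short line, then a 100-byte line.
open(my $fh, '+>', undef) or die "tempfile: $!";
defined syswrite($fh, "ok line\n" . ('A' x 100) . "\nnever reached\n") or die "write: $!";
sysseek($fh, 0, 0) or die "seek: $!";

my $next = bounded_line_reader($fh, 16, 8);
while (1) {
    my $line = eval { $next->() };
    if ($@) { print "rejected: $@"; last }
    last unless defined $line;
    print "got: $line";
}
```

Whether the caller aborts, as here, or skips ahead to the next newline after a rejection depends on whether the program can do anything useful with an incomplete line.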
