From 223bc7bc9d1550525485c61a15b3deb095862a66 Mon Sep 17 00:00:00 2001 From: David Scott Date: Sat, 12 Mar 2016 15:02:01 +0000 Subject: [PATCH] doc: add a big warning about information leaking via `Cstruct.create` This improves the situation described in #30 Signed-off-by: David Scott --- lib/cstruct.mli | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/lib/cstruct.mli b/lib/cstruct.mli index 30c4bfd6..a0052996 100644 --- a/lib/cstruct.mli +++ b/lib/cstruct.mli @@ -188,7 +188,16 @@ val to_bigarray: t -> buffer sharing of the underlying buffer. *) val create : int -> t -(** [create len] is a cstruct of size [len] with an offset of 0. *) +(** [create len] is a cstruct of size [len] with an offset of 0. + + Note that the returned cstruct will contain arbitrary data, + likely including the contents of previously-deallocated cstructs. + + Beware! + + Forgetting to replace this data could cause your application + to leak sensitive information. +*) val of_string: ?allocator:(int -> t) -> string -> t (** [of_string ~allocator str] is the cstruct representation of [str],