Merge branch 'defuse-binary' into 'develop'

Draft: Fix RCE via erlang.binary_to_term

See merge request pleroma/pleroma!4203

changelog.d/binary_to_term-rce.security

@@ -0,0 +1 @@
+- Fix unsafe cast of database-stored configuration values that could lead to code execution

lib/pleroma/captcha.ex

@@ -66,7 +66,7 @@ defmodule Pleroma.Captcha do
 
     with false <- is_nil(answer_data),
          {:ok, data} <- MessageEncryptor.decrypt(answer_data, secret, sign_secret),
-         %{at: at, answer_data: answer_md5} <- :erlang.binary_to_term(data) do
+         %{at: at, answer_data: answer_md5} <- Plug.Crypto.non_executable_binary_to_term(data) do
       {:ok, %{at: at, answer_data: answer_md5}}
     else
       _ -> {:error, :invalid_answer_data}

lib/pleroma/ecto_type/config/binary_value.ex

@@ -11,14 +11,14 @@ defmodule Pleroma.EctoType.Config.BinaryValue do
     if String.valid?(value) do
       {:ok, value}
     else
-      {:ok, :erlang.binary_to_term(value)}
+      {:ok, Plug.Crypto.non_executable_binary_to_term(value)}
     end
   end
 
   def cast(value), do: {:ok, value}
 
   def load(value) when is_binary(value) do
-    {:ok, :erlang.binary_to_term(value)}
+    {:ok, Plug.Crypto.non_executable_binary_to_term(value)}
   end
 
   def dump(value) do

lib/pleroma/workers/mailer_worker.ex

@@ -9,7 +9,7 @@ defmodule Pleroma.Workers.MailerWorker do
   def perform(%Job{args: %{"op" => "email", "encoded_email" => encoded_email, "config" => config}}) do
     encoded_email
     |> Base.decode64!()
-    |> :erlang.binary_to_term()
+    |> Plug.Crypto.non_executable_binary_to_term()
     |> Pleroma.Emails.Mailer.deliver(config)
   end