On 2003.11.19, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> Log Message:
> Potential DoS attack fixes. Limiting the # of bytes on request
Woah -- does this short-circuit things like POST limit size? Or is this
only limiting the size of the HTTP request *headers*, not including the
HTTP request as a whole (which could contain the POST data, etc.)?
> Index: driver.c
[...]
> *** 1381,1384 ****
> --- 1394,1401 ----
> if (s != NULL) {
> reqPtr->length = atoi(s);
> + if (reqPtr->length < 0
> + && reqPtr->length > sockPtr->drvPtr->servPtr->limits.maxpost) {
> + return SOCK_ERROR;
> + }
> }
> } else {
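Review bot: the && in the added condition means it can only be true when limits.maxpost is itself negative, so for any normal limit neither a negative nor an oversized length reaches return SOCK_ERROR. Join the two tests with || instead. The unchanged context line reqPtr->length = atoi(s); also cannot report a non-numeric or out-of-range string, so consider parsing with strtol and checking the end pointer and errno before the range test.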
How can that condition ever be true? If reqPtr->length < 0 is true,
then the only way reqPtr->length > sockPtr->...->limits.maxpost can be
true is if limits.maxpost < reqPtr->length < 0.
Was that meant to be an || and not an && ?
-- Dossy
--
Dossy Shiobara mail: [EMAIL PROTECTED]
Panoptic Computer Network web: http://www.panoptic.com/
"He realized the fastest way to change is to laugh at your own
folly -- then you can let go and quickly move on." (p. 70)
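The && versus || question raised in the reply, as an added example (not AOLserver code and not posted by anyone in this thread). The function names, the 0/1 return convention, the 65536 limit, the sample strings and the use of strtol in place of atoi are all assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* The check as committed: both tests joined with &&.
 * Returns 1 if the length string is accepted, 0 if rejected. */
static int accepts_as_committed(const char *s, int maxpost)
{
    int length = atoi(s);
    if (length < 0 && length > maxpost) {
        return 0;   /* the patch returns SOCK_ERROR here */
    }
    return 1;
}

/* Hypothetical corrected form: || between the range tests, and strtol
 * so that empty, non-numeric and overflowing strings are rejected too. */
static int accepts_hardened(const char *s, int maxpost)
{
    char *end;
    long n;

    errno = 0;
    n = strtol(s, &end, 10);
    if (end == s || *end != '\0' || errno == ERANGE) {
        return 0;   /* empty, trailing junk, or does not fit in a long */
    }
    return !(n < 0 || n > maxpost);
}

int main(void)
{
    /* Constructed length strings, not taken from the thread. */
    const char *samples[] = { "512", "-1", "99999999", "12abc", "" };
    int maxpost = 65536;   /* assumed limit */
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        printf("%-10s committed=%d hardened=%d\n", samples[i],
               accepts_as_committed(samples[i], maxpost),
               accepts_hardened(samples[i], maxpost));
    }
    return 0;
}
```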