Okay, so I've stolen data from your system, crafted an sql injection attack, whatever and for whatever reason I've decided to put this in your buffer. What exactly happens now? How is this a security risk. It might slow things down as you try to read that size, it might allow me to slow your connection by sending 20k bytes, but really, where's the security issue here. Meaning, how would you as an attacker move from stashing data you stole, in your scenario in a 20 k byte buffer to making that data do something? If that data is stolen, sending it back to you isn't going to matter, it's stolen. If I write a sql injection attack and it somehow runs on your system, the buffer size isn't going to matter because most injections don't take 20 k bytes to write. There's literally no explanation what so ever for limiting the buffer size due to security reasons.
-- Audiogames-reflector mailing list Audiogamesemail@example.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector