> On Thu, May 30, 2002 at 11:17:23PM -0000, [EMAIL PROTECTED] wrote:
> > jerenkrantz 02/05/30 16:17:23
> >
> > Modified: . STATUS
> > Log:
> > showstoppers++; (groan)
> >...
> > RELEASE SHOWSTOPPERS:
> > +
> > + * 413 (invalid chunk size) followed by another request segfaults.
> > + Message-ID: <[EMAIL PROTECTED]>
> > + Status: Justin is completely confounded by this. It looks like a
> > + bucket lifetime bug, but somehow an operation on one
> > + brigade is altering another brigade and corrupting it.
>
> IMO, this isn't a showstopper.
>
> Any current client that happens to *send* chunked data is not going to be
> sending invalid chunk sizes. So we aren't really fixing a problem here, but
> a potential DOS attack. But when you stop and think about it: rather than
> crashing servers, a client could simply attach and wait on the socket. They
> can tie up *way* more processes that way (until the server times them out,
> but that is 15 seconds later; a *lot* longer than it would take to restart a
> crashed child)
And all that child's threads? If we are voting, I vote this is a showstopper. A
segfaulting process can leave an awful lot of cruft laying around.
Bill
