Paul Hoffman / IMC wrote: > At 10:10 PM +0900 10/14/02, Soobok Lee wrote: > >> Most applications programmer have been reserving 256 bytes for any LDH >> FQDN buffer space . > > > It is amazingly arrogant for anyone to make statements about "most > applications programmer".
I accepted. :-) > > >> But that convention should be changed to cover the cases of long utf8 >> IDN FQDN which may be >> 3 or 4 times longer than 256 octets. > > > Why just UTF8? Why not UTF16? Or GB? Or ... ? I already mentioned other encodings in the early postings. > > >> If this warning is neglected by application programmers, >> some remote malicious crackers will send to users' applications long ACE >> IDNs manufactured to >> cause buffer overflow errors when toUnicoded and seaze control of the >> machine. > > > Oh, come on. Step 6 of ToUnicode is exactly two words long. Which one > of those two words do you think that other applications programmers > will not understand? "6. Apply ToASCII " is for verification purpose and it won't change that situation. Step 8 of ToUnicode function which may have enough buffer space itself will return long unicode string result to cal;ling applications that may have shorter buffer space. > > > --Paul Hoffman, Director > --Internet Mail Consortium
