Launchpad has imported 3 comments from the remote bug at https://banu.com/bugzilla/show_bug.cgi?id=110.
If you reply to an imported comment from within Launchpad, your comment will be sent to the remote bug automatically. Read more about Launchpad's inter-bugtracker facilities at https://help.launchpad.net/InterBugTracking. ------------------------------------------------------------------------ On 2012-08-14T21:54:31+00:00 gpernot wrote: Created attachment 59 randomized hashmaps to prevent DOS attacks hashmap are not randomized, so that it is possible to forge fake headers that will always go into the same bucket. try 'curl http://78.230.4.96/hashes.asis' via tinyproxy and without it to convince you (~8 MB of headers). I'll remove this url as soon as bug is accepted... attached patch should solve this. it's certainly perfectible, though (autoconf for time() and rand() are missing...). Reply at: https://bugs.launchpad.net/ubuntu/+source/tinyproxy/+bug/1036985/comments/0 ------------------------------------------------------------------------ On 2012-08-14T22:24:55+00:00 gpernot wrote: even with this patch, it takes ages. maybe headers should be sanitized before hiting the buckets... Reply at: https://bugs.launchpad.net/ubuntu/+source/tinyproxy/+bug/1036985/comments/1 ------------------------------------------------------------------------ On 2012-08-15T07:24:49+00:00 gpernot wrote: Created attachment 60 limit number of headers to prevent DoS attacks Reply at: https://bugs.launchpad.net/ubuntu/+source/tinyproxy/+bug/1036985/comments/2 ** Changed in: tinyproxy Status: Unknown => Confirmed ** Changed in: tinyproxy Importance: Unknown => High -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1036985 Title: denial of service of too many headers in response To manage notifications about this bug go to: https://bugs.launchpad.net/tinyproxy/+bug/1036985/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
