Bugtraq mailing list archives
Re: Fixing the NCSA HTTPD 1.3 (fwd)
From: lopatic () dbs informatik uni-muenchen de (Thomas Lopatic)
Date: Thu, 16 Feb 1995 10:57:56 +0100 (MET)
Hi there,
> > 2. have getline() read only 1000 characters instead of HUGE_STRING_LEN (file http_request.c: getline(l,HUGE_STRING_LEN/4,in,timeout) instead of getline(l,HUGE_STRING_LEN,in,timeout))
>
> I don't see any obvious problems with it (then again, I'm no expert on NCSA's code) but I'm curious: is there any rationale behind the magic number 4 here, or is that an essentially arbitrary decision?
it is an arbitrary decision to introduce some security in case I've missed something in the code of the HTTPD. I think it should be enough just to make HUGE_STRING_LEN and MAX_STRING_LEN have the same value. Maybe my approach was a bit paranoid.

If you need URLs larger than 1000 chars you might want to increase the buffer sizes. These are pretty much arbitrary as well. Sorry for not saying so in the posting.

Greetings,
-Thomas

--
Thomas Lopatic lopatic () informatik uni-muenchen de
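An added example, not part of the original message and not NCSA's code: a C sketch of the idea discussed above, capping what the line reader accepts so that an accepted line always fits the smaller buffers it is later copied into. It assumes lines read into a HUGE_STRING_LEN buffer are later copied into MAX_STRING_LEN buffers; the sizes and the functions `bounded_getline`, `copy_to_work_buffer` and `handle_request_line` are hypothetical stand-ins.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sizes for illustration; not the values in NCSA's headers. */
#define HUGE_STRING_LEN    4096                  /* request-line buffer */
#define MAX_STRING_LEN     1024                  /* smaller working buffers */
#define REQUEST_LINE_LIMIT (HUGE_STRING_LEN / 4) /* cap handed to the reader */
/* Build fails if the reader could accept more than a later copy can hold. */
_Static_assert(REQUEST_LINE_LIMIT <= MAX_STRING_LEN, "line limit exceeds MAX_STRING_LEN");

/* Hypothetical stand-in for the server's getline(): stores at most n-1 bytes
 * plus NUL, drains the rest of an over-long line, returns length or -1. */
int bounded_getline(char *dst, size_t n, FILE *in)
{
    size_t len = 0;
    int c, too_long = 0;
    if (n == 0) return -1;
    while ((c = fgetc(in)) != EOF && c != '\n') {
        if (len + 1 < n) dst[len++] = (char)c;
        else too_long = 1;                  /* keep reading, store nothing */
    }
    if (len > 0 && dst[len - 1] == '\r') len--;  /* drop the CR of CRLF */
    dst[len] = '\0';
    return too_long ? -1 : (int)len;
}

/* Later copy into a MAX_STRING_LEN buffer: checks length instead of trusting it. */
int copy_to_work_buffer(char *work, const char *line)
{
    size_t len = strlen(line);
    if (len >= MAX_STRING_LEN) return -1;
    memcpy(work, line, len + 1);
    return 0;
}

/* Runs one raw request line (constructed input) through both steps. */
int handle_request_line(const char *raw)
{
    char line[HUGE_STRING_LEN], work[MAX_STRING_LEN];
    FILE *in = tmpfile();
    int len;
    if (in == NULL) return -2;
    fputs(raw, in);
    rewind(in);
    len = bounded_getline(line, REQUEST_LINE_LIMIT, in);
    fclose(in);
    return (len < 0 || copy_to_work_buffer(work, line) != 0) ? -1 : len;
}
int main(void) { printf("%d\n", handle_request_line("GET / HTTP/1.0\r\n")); return 0; }
```

Raising MAX_STRING_LEN to match HUGE_STRING_LEN, as the message suggests, keeps the compile-time check satisfied without the divisor.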