Re: getline & getline_safe

From: Derek Robert Price
Subject: Re: getline & getline_safe
Date: Fri, 25 Jul 2003 11:11:06 -0400

Paul Edwards wrote:

I don't see any reason for the maximum string size acceptable in
the CVS application to be in any way dependent on the maximum
file size that the OS supports.  Even if you have made a *guess*
that FILENAME_MAX/MAX_PATH should be larger than
CVS_MAX_STRING on "most platforms", thus just cascading the
former (as is currently done) should be fine.

You're correct, there is no reason for this, and, in fact, CVS does not do it.

The original discussion was about limiting the length of strings read _during authentication_. This stops a denial of service attack where an unauthenticated client could cause a CVS server to make a grab for as much memory as the system would allow. The rest of the protocol is not checked in this manner. Once a client is authenticated, we trust it.



Email: derek@ximbiot.com

Get CVS support at <http://ximbiot.com>!
I will finish what I sta
I will finish what I sta
I will finish what I sta...

         - Bart Simpson on chalkboard, _The Simpsons_
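
The bounded pre-authentication read described in the reply above, as an added example that is not part of the original message and not CVS's own code. `read_line_bounded`, `probe` and `AUTH_LINE_MAX` are hypothetical names, and the 1024-byte cap is an assumed value.

```c
#include <stdio.h>
#include <stdlib.h>

#define AUTH_LINE_MAX 1024  /* assumed cap, not a CVS constant */
/* Hypothetical helper: read one line into a malloc'd buffer, refusing to
 * hold more than `limit` bytes. Returns the length (newline stripped),
 * -1 on EOF or allocation failure, -2 when the peer exceeds the limit. */
long read_line_bounded(FILE *fp, char **out, size_t limit)
{
    size_t cap = 64, len = 0;
    char *buf = malloc(cap), *tmp;
    int c;
    *out = NULL;
    if (buf == NULL) return -1;
    while ((c = getc(fp)) != EOF && c != '\n') {
        if (len >= limit) { free(buf); return -2; }  /* over budget: stop */
        if (len + 1 >= cap) {                        /* keep room for NUL */
            if ((tmp = realloc(buf, cap * 2)) == NULL) { free(buf); return -1; }
            buf = tmp; cap *= 2;
        }
        buf[len++] = (char)c;
    }
    if (c == EOF && len == 0) { free(buf); return -1; }  /* nothing read */
    buf[len] = '\0';
    *out = buf;
    return (long)len;
}

/* Constructed driver: a temp file stands in for the client socket. */
long probe(size_t n, int newline, size_t limit)
{
    FILE *fp = tmpfile();
    char *line = NULL;
    long r;
    size_t i;
    if (fp == NULL) return -3;               /* could not create the file */
    for (i = 0; i < n; i++) putc('A', fp);   /* n filler bytes */
    if (newline) putc('\n', fp);
    rewind(fp);
    r = read_line_bounded(fp, &line, limit);
    free(line);
    fclose(fp);
    return r;
}

int main(void)
{
    printf("%ld %ld\n", probe(9, 1, AUTH_LINE_MAX), probe(4096, 0, AUTH_LINE_MAX));
    return 0;
}
```

When the function returns -2 the rest of the oversized line is still unread, so the caller should close the connection instead of reading on.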

