monotone-devel
Re: [Monotone-devel] Fwd: VCS comparison table


From: Ulf Ochsenfahrt
Subject: Re: [Monotone-devel] Fwd: VCS comparison table
Date: Sat, 21 Oct 2006 13:54:27 +0200
User-agent: Icedove 1.5.0.7 (X11/20061013)

Timothy Brownawell wrote:
> On Sat, 2006-10-21 at 09:07 +1000, Brian May wrote:
>>     Ulf> someone fix the DOS vulnerability in mtn serve - being able
>>
>> What DOS vulnerability is this?
>
> I think someone mentioned that a dropped connection (such as from an
> unplugged network cable) will make the server I(). I don't know what the
> status of this is.

Yep, I meant that one. Pulling the network cable crashes the server. I haven't seen anyone work on this one.

> It looks like a netcmd packet can be up to 128MB. A client could
> probably make the server eat 128MB per connection (or maybe 256MB, I
> think it actually buffers up to 2*netcmd_maxsz bytes), by sending a
> really really long include/exclude pattern. This works even without read
> access, because the server doesn't know whether you have permissions
> until it parses the first netcmd packet you send. Note that making this
> limit smaller would limit the maximum size of files in a repo that you
> wanted to sync; fixing this would mean having a much smaller buffer
> limit for not-yet-authenticated connections.

That's another problem.

-- Ulf

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature
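
The mitigation named in the quoted message, a much smaller buffer limit for not-yet-authenticated connections, shown as an added example that is not monotone's code and not part of the original mail. The 4-byte length framing, the 64 KiB pre-auth cap and every name here are assumptions for illustration; only the 128MB figure comes from the thread.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <string>

// Hypothetical framing (not monotone's wire format): 4-byte big-endian length, then payload.
constexpr std::size_t kHeaderSize = 4;
constexpr std::uint32_t kPreAuthMax = 64 * 1024;        // assumed pre-auth cap
constexpr std::uint32_t kAuthMax = 128u * 1024 * 1024;  // 128MB figure from the thread
enum class Feed { NeedMore, PacketReady, Rejected };

std::string header(std::uint32_t n) {  // constructed helper: encode a length field
    return {char(n >> 24), char(n >> 16), char(n >> 8), char(n)};
}

class Connection {
public:
    bool authenticated = false;  // set by the caller once permissions are known
    std::size_t limit() const { return authenticated ? kAuthMax : kPreAuthMax; }
    std::size_t buffered() const { return buf_.size(); }
    // Feed one bounded socket read. The declared length is checked against the cap for
    // the current state once the header is complete, before the payload accumulates.
    Feed feed(const std::string& chunk) {
        if (rejected_) return Feed::Rejected;
        buf_ += chunk;
        if (buf_.size() < kHeaderSize) return Feed::NeedMore;
        if (declared() > limit()) {
            std::string().swap(buf_);  // release what was buffered
            rejected_ = true;          // caller should close the connection
            return Feed::Rejected;
        }
        return buf_.size() >= kHeaderSize + declared() ? Feed::PacketReady : Feed::NeedMore;
    }
    std::string take() {  // remove and return the payload of one complete packet
        std::string payload = buf_.substr(kHeaderSize, declared());
        buf_.erase(0, kHeaderSize + payload.size());
        return payload;
    }
private:
    std::size_t declared() const {  // length field; needs a complete header
        std::size_t n = 0;
        for (std::size_t i = 0; i < kHeaderSize; ++i) n = (n << 8) | static_cast<unsigned char>(buf_[i]);
        return n;
    }
    std::string buf_;
    bool rejected_ = false;
};

int main() {  // an unauthenticated peer announces a 128MB packet
    Connection c;
    std::cout << (c.feed(header(kAuthMax)) == Feed::Rejected ? "rejected\n" : "accepted\n");
}
```

With this shape the large limit still applies to authenticated peers, so the maximum file size that can be synced is unchanged for them.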

