|
From: | Derek Robert Price |
Subject: | Re: getline & getline_safe |
Date: | Fri, 25 Jul 2003 11:11:06 -0400 |
User-agent: | Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 |
Paul Edwards wrote:
I don't see any reason for the maximum string size acceptable in the CVS application to be in any way dependent on the maximum file size that the OS supports. Even if you have made a *guess* that FILENAME_MAX/MAX_PATH should be larger than CVS_MAX_STRING on "most platforms", thus just cascading the former (as is currently done) should be fine.
You're correct, there is no reason for this, and, in fact, CVS does not do it.
The original discussion was about limiting the length of strings read _during authentication_. This stops a denial of service attack where an unauthenticated client could cause a CVS server to make a grab for as much memory as the system would allow. The rest of the protocol is not checked in this manner. Once a client is authenticated, we trust it.
Derek -- *8^) Email: derek@ximbiot.com Get CVS support at <http://ximbiot.com>! -- I will finish what I sta I will finish what I sta I will finish what I sta... - Bart Simpson on chalkboard, _The Simpsons_
[Prev in Thread] | Current Thread | [Next in Thread] |