Re: getline & getline_safe

[Derek Robert Price]

Paul Edwards wrote:

> I don't see any reason for the maximum string size acceptable in
>
> the CVS application to be in any way dependent on the maximum
> file size that the OS supports.  Even if you have made a *guess*
> that FILENAME_MAX/MAX_PATH should be larger than
> CVS_MAX_STRING on "most platforms", thus just cascading the
> former (as is currently done) should be fine.
>  

You're correct, there is no reason for this, and, in fact, CVS does not 
do it.

The original discussion was about limiting the length of strings read 
_during authentication_.  This stops a denial of service attack where an 
unauthenticated client could cause a CVS server to make a grab for as 
much memory as the system would allow.  The rest of the protocol is not 
checked in this manner.  Once a client is authenticated, we trust it.

Derek

--
               *8^)

Email: derek@ximbiot.com

Get CVS support at <http://ximbiot.com>!
--
I will finish what I sta
I will finish what I sta
I will finish what I sta...

         - Bart Simpson on chalkboard, _The Simpsons_