httpd: uri length
Rob Landley
rob at landley.net
Mon Sep 5 03:58:37 UTC 2005
On Sunday 04 September 2005 06:40, Dirk Clemens wrote:
> Should we set an maximum allowed URI length?
I think malloc and free in the wrapper is better than limiting the URI length.
We already read in an arbitrary length in the first place, right?
I dunno about protecting against denial of service attacks that force an out
of memory condition with a 10 megabyte URL, but if we'd be putting in the
limit for the sake of alloca(), that isn't a good trade-off to me...
Rob
More information about the busybox
mailing list