[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [Libevent-users] Patch: add constraints on HTTP first line/headers/body size
On Thu, Oct 08, 2009 at 12:30:54AM +0300, Constantine Verutin wrote:
> Hi,
>
> On Wed, Oct 7, 2009 at 10:16 PM, q6Yr7e0o nIJDVMjC
> <u9oqcd4p@xxxxxxxxxxxxxx>wrote:
>
> >
> > I like the idea but defining SIZE_UNLIMITED as -1 and comparing a
> > size_t to it doesn't seem right somehow. Wouldn't it be better do
> > define SIZE_UNLIMITED to 0 which is a valid size_t value and does not
> > make sense for the limits so it can be used as magic number?
>
>
> I see no reason why it can't be -1 (well, the best way here is to define
> SIZE_UNLIMITED as ((size_t) -1) ). Btw, setting the 'unlimited' constant to
> 0 is definitely wrong solution.
>
So long as we are painting the bike shed, I'd suggest that we just
admit that we want a signed type and use an ssize_t (or in our case,
an ev_ssize_t) for this. No muss, no fuss.
As for the original patch, I'm wondering a bit about the complexity.
I'm assuming that the idea here is to keep from running out of memory
if the HTTP request or response is too big or complex, and that sounds
like a fine idea. But what's the rationale for having separate limits
for the first line and for the total headers? And why limit both
the number of headers and their total length?
yrs,
--
Nick
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxx with
unsubscribe libevent-users in the body.