[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [Libevent-users] Patch: add constraints on HTTP first line/headers/body size
Hi,
At Wed, 7 Oct 2009 20:01:04 -0400,
Nick Mathewson wrote:
> So long as we are painting the bike shed, I'd suggest that we just
> admit that we want a signed type and use an ssize_t (or in our case,
> an ev_ssize_t) for this. No muss, no fuss.
Yep, makes sense.
>
> As for the original patch, I'm wondering a bit about the complexity.
> I'm assuming that the idea here is to keep from running out of memory
> if the HTTP request or response is too big or complex, and that sounds
> like a fine idea. But what's the rationale for having separate limits
> for the first line and for the total headers? And why limit both
> the number of headers and their total length?
There's no limit on total headers length. There's a limit on _single_ header length.
--
WBR,
Constantine
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxx with
unsubscribe libevent-users in the body.