On Thu, May 30, 2002 at 11:17:23PM -0000, [EMAIL PROTECTED] wrote:
> jerenkrantz    02/05/30 16:17:23
> 
>   Modified:    .        STATUS
>   Log:
>   showstoppers++;  (groan)
>...
>    RELEASE SHOWSTOPPERS:
>   +
>   +    * 413 (invalid chunk size) followed by another request segfaults.
>   +      Message-ID: <[EMAIL PROTECTED]>
>   +      Status: Justin is completely confounded by this.  It looks like a
>   +              bucket lifetime bug, but somehow an operation on one
>   +              brigade is altering another brigade and corrupting it.
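
Review bot: the Status text of the new showstopper entry records a guess at the cause ("It looks like a bucket lifetime bug") but not the conditions that trigger the segfault. The entry would be easier to triage if it said whether the "another request" arrives on the same connection as the one that got the 413, and referenced a backtrace alongside the Message-ID.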

IMO, this isn't a showstopper.

Any current client that happens to *send* chunked data is not going to be
sending invalid chunk sizes. So we aren't really fixing a problem here, but
a potential DOS attack. But when you stop and think about it: rather than
crashing servers, a client could simply attach and wait on the socket. They
can tie up *way* more processes that way (until the server times them out,
but that is 15 seconds later; a *lot* longer than it would take to restart a
crashed child).

So... while it should be fixed, I wouldn't call it a showstopper.

Cheers,
-g

-- 
Greg Stein, http://www.lyra.org/
