Hi, Ruediger Pluem schrieb: > Why do you think that line should be also 3 * MAX_STRING_LEN? > I guess currently it can be MAX_STRING_LEN at max because of line > 256: > > while (!(get_line(line, > http://mail-archives.apache.org/mod_mbox/httpd-dev/200107.mbox/%[email protected]%3e > f))) { > > But maybe this should be changed to > > while (!(get_line(line, 3 * MAX_STRING_LEN, f))) { > > as a password line could be up to 2 * MAX_STRING_LEN + length of MD5 hash in > hex + 1.
another problem I see here is that MAX_STRING_LEN = 8192 bytes, that means that already 6*8k are allocated from stack which is a problem at least on NetWare, as already discussed here back in 2001: http://mail-archives.apache.org/mod_mbox/httpd-dev/200107.mbox/%[email protected]%3e I think for such things like username, password, realm we dont need to expect more than 256 bytes, but even if we want to be super-save it would be enough to reserve 512 bytes; so cant we introduce a new define like: #define SMALL_STRING_LEN 256 and use this instead within the auth modules for username, password, realm? 1,5k <-> 48k is a huge difference ... Gün.
