On Sunday 18 October 2009, Guenter Knauf wrote: > Hi, > > Ruediger Pluem schrieb: > > Why do you think that line should be also 3 * MAX_STRING_LEN? > > I guess currently it can be MAX_STRING_LEN at max because of line > > 256: > > > > while (!(get_line(line, > > http://mail-archives.apache.org/mod_mbox/httpd-dev/200107.mbox/%3 > >[email protected]%3e f))) { > > > > But maybe this should be changed to > > > > while (!(get_line(line, 3 * MAX_STRING_LEN, f))) { > > > > as a password line could be up to 2 * MAX_STRING_LEN + length of > > MD5 hash in hex + 1. > > another problem I see here is that MAX_STRING_LEN = 8192 bytes, > that means that already 6*8k are allocated from stack which is a > problem at least on NetWare, as already discussed here back in > 2001: > http://mail-archives.apache.org/mod_mbox/httpd-dev/200107.mbox/%3Cs > [email protected]%3e I think for such things > like username, password, realm we dont need to expect more than > 256 bytes, but even if we want to be super-save it would be enough > to reserve 512 bytes; so cant we introduce a new define like: > #define SMALL_STRING_LEN 256 > and use this instead within the auth modules for username, > password, realm? 1,5k <-> 48k is a huge difference ... > > Gün. > digest.c already has
#define MAX_STRING_LEN 256 No problem there.
