Johan van Selst wrote:
> Daniel Kahn Gillmor wrote:
>> Fix?
>> ----
>> I'm afraid i don't know ocaml at all, so i don't have a proposed fix.
>> It seems to be related to the event loop model on the sks db process,
>> though. Looking at it from a system call level: either sks should be
>> multi-threaded, or reads from network sockets should be non-blocking,
>> and bundled into an aggregate select() statement so that concurrent
>> requests can be properly interleaved.
>
> This seems to be the best way forward. Is anybody on this list actually
> looking into the suggested solution? Most people here, myself included,
> don't seem to be very fluent in OCaml programming. But I would
> definitely appreciate it if somebody could look into this and come up
> with a real fix, rather than best-practice workarounds with reverse
> webproxies.

Oddly, I was looking at a different problem last night and noticed this
snippet appearing twice in wserver.ml:

188-189
    let rec parse_headers map cin =
      let line = input_line cin in (* DOS attack: input_line is unsafe on sockets *)

201-202
    let parse_request cin =
      let line = input_line cin in (* DOS attack: input_line is unsafe on sockets *)

So, it would appear to my barely apprentice level OCaml, that our solution
lies in a socket-safe implementation of input_line

-John

-- 
John P. Clizbe                      Inet: John (a) Gingerbear DAWT net
SKS/Enigmail/PGP-EKP                  or: John ( @ ) Enigmail DAWT net
FSF Assoc #995 / FSFE Fellow #1797  hkp://keyserver.gingerbear.net  or
     mailto:pgp-public-k...@gingerbear.net?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"

_______________________________________________
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel
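One shape a socket-safe replacement for input_line could take, as an added example that is not from the SKS source or from anyone in this thread: it reads from the file descriptor through select() with a request-wide deadline and a length cap, so a client that never finishes a line stalls the single-threaded process for a bounded time only (it does not interleave requests). The names safe_input_line, Line_timeout and Line_too_long, the 0.5 s budget and the 64-byte cap are assumptions.

```ocaml
(* Added example, not SKS code. Needs OCaml's unix library. *)
exception Line_timeout
exception Line_too_long

(* Read one line from [fd]. [deadline] is an absolute Unix.gettimeofday value
   shared by the whole request, so a slow client cannot reset the clock with
   every header line. [max_len] caps buffered bytes. One byte per read leaves
   data after '\n' in the kernel buffer for the next call. *)
let safe_input_line ~deadline ~max_len fd =
  let buf = Buffer.create 128 in
  let one = Bytes.create 1 in
  let rec loop () =
    let remaining = deadline -. Unix.gettimeofday () in
    if remaining <= 0.0 then raise Line_timeout;
    match Unix.select [fd] [] [] remaining with
    | exception Unix.Unix_error (Unix.EINTR, _, _) -> loop ()
    | [], _, _ -> raise Line_timeout
    | _ ->
      (match Unix.read fd one 0 1 with
       | 0 -> raise End_of_file
       | _ when Bytes.get one 0 = '\n' ->
         let s = Buffer.contents buf in
         let n = String.length s in
         (* Drop the CR of an HTTP CRLF line ending. *)
         if n > 0 && s.[n - 1] = '\r' then String.sub s 0 (n - 1) else s
       | _ ->
         if Buffer.length buf >= max_len then raise Line_too_long;
         Buffer.add_char buf (Bytes.get one 0);
         loop ())
  in
  loop ()

(* Constructed demo: a socketpair stands in for client and server. *)
let () =
  let client, server = Unix.socketpair Unix.PF_UNIX Unix.SOCK_STREAM 0 in
  let send s = ignore (Unix.write_substring client s 0 (String.length s)) in
  let try_read () =
    let deadline = Unix.gettimeofday () +. 0.5 in
    match safe_input_line ~deadline ~max_len:64 server with
    | line -> Printf.printf "line: %S\n" line
    | exception Line_timeout -> print_endline "timeout: drop connection"
    | exception Line_too_long -> print_endline "too long: drop connection"
  in
  (* Constructed input: the second header line never terminates. *)
  send "GET /pks/lookup HTTP/1.0\r\nHost: exa";
  try_read ();
  try_read ();
  send (String.make 100 'x');
  try_read ()
```

In a real handler one deadline would be computed when the connection is accepted and passed to every safe_input_line call for that request, and the connection closed on either exception.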