W3C home > Mailing lists > Public > www-validator@w3.org > July 2001

Re: Buffer overflow bug in Validator?

From: Terje Bless <link@tss.no>
Date: Wed, 18 Jul 2001 12:25:00 +0200
To: Martin Duerst <duerst@w3.org>
cc: www-validator@w3.org
Message-ID: <20010718133035-r01010700-aae2d2cc-0910-010c@192.168.1.6>
On 18.07.01 at 19:04, Martin Duerst <duerst@w3.org> wrote:

>But I'm not sure we should leave it as it is. It would probably make sense
>to put some limit on overall file length, to avoid denial of service
>attacks.

Yes. Especially as a sufficiently large file will fill up the disk and
never recover without manual intervention. I've been meaning to look into
this for a while, but never got around to it.

However, this shouldn't necessarily mean that we limit the size of what we
can theoretically validate. It just means that we should handle large files
gracefully (i.e. in chunks) and allow local installations to place
arbitrary limits on how large files they will allow (with a configuration
parameter or somesuch).
Received on Wednesday, 18 July 2001 07:30:39 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 25 April 2012 12:13:59 GMT