Re: Buffer overflow bug in Validator?

From: Terje Bless (link@tss.no)
Date: Wed, Jul 18 2001

Next message: Terje Bless: "Re: Icon for XHTML 1.1?"

Previous message: Terje Bless: "Re: Invalid validation?"
In reply to: Martin Duerst: "Re: Buffer overflow bug in Validator?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Other mail archives: [this mailing list] [other W3C mailing lists]
Mail actions: [ respond to this message ] [ mail a new topic ]

Date: Wed, 18 Jul 2001 12:25:00 +0200
From: Terje Bless <link@tss.no>
To: Martin Duerst <duerst@w3.org>
cc: www-validator@w3.org
Message-ID: <20010718133035-r01010700-aae2d2cc-0910-010c@192.168.1.6>
Subject: Re: Buffer overflow bug in Validator?

On 18.07.01 at 19:04, Martin Duerst <duerst@w3.org> wrote:

>But I'm not sure we should leave it as it is. It would probably make sense
>to put some limit on overall file length, to avoid denial of service
>attacks.

Yes. Especially as a sufficiently large file will fill up the disk and
never recover without manual intervention. I've been meaning to look into
this for a while, but never got around to it.

However, this shouldn't necessarily mean that we limit the size of what we
can theoretically validate. It just means that we should handle large files
gracefully (i.e. in chunks) and allow local installations to place
arbitrary limits on how large files they will allow (with a configuration
parameter or somesuch).

Next message: Terje Bless: "Re: Icon for XHTML 1.1?"
Previous message: Terje Bless: "Re: Invalid validation?"
In reply to: Martin Duerst: "Re: Buffer overflow bug in Validator?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Other mail archives: [this mailing list] [other W3C mailing lists]
Mail actions: [ respond to this message ] [ mail a new topic ]