httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From r..@ai.mit.edu (Robert S. Thau)
Subject Re: includes security hole
Date Tue, 11 Apr 1995 11:26:51 GMT
Hmmm... so "char opts[MAX_STRING_LEN]" in evaluate_access turns into
an array of MAX_STRING_LEN int's... that's 32K on the stack.  Not
prohibitive, I suppose, but multiplied by every server in a pool it
starts to add up.  MAX_STRING_LEN is a bit high for the maximum
number of directories in a pathname; perhaps it might be good to
crank it down a bit.

Just thinking out loud...

rst

Mime
View raw message