httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From (Robert S. Thau)
Subject Re: Possible security problem in referer_log_transaction... ? (fwd)
Date Mon, 18 Dec 1995 22:20:22 GMT
Sigh... I tried to get rid of MAX_STRING_LENGTH stuff completely as
part of the Shambhala cleanup, and nearly succeeded, but it seems a few
crept back in.  FWIW, a non-optimal fix for the security hole would be
to replace the %s's in the format string with, say, %2000s's --- this
would give correct performance for reasonable requests while performing
better than it currently does for the outrageous ones.

Oh, well.


View raw message