httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dean Gaudet <>
Subject Re: cvs commit: apache/src/nt mod_isapi.c modules.c
Date Tue, 22 Jul 1997 21:03:46 GMT

On Tue, 22 Jul 1997, Alexei Kosut wrote:

> Fine, so I did it that way. WebSite does the same thing. The problem is
> that the code allocates memory based on the Content-Length passed by the
> client, whether or not that number is accurat. So if I opened up a POST
> to one of these ISAs, and passed it a "Content-length: 100000000", it
> would try and allocate 100 megs of memory, most likely doing something
> nasty to the server if that much memory wasn't available.

... and the client wouldn't even need to send the 100megs.

At least with the current DoS (send infinite headers to apache) you have
to actually transmit the gunk.  This is one of those cases that it's best
to just start using resource limits wherever possible.


View raw message