httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Slemko <ma...@worldgate.com>
Subject Re: [PATCH] 1.2: "DoS" attack
Date Tue, 30 Dec 1997 19:09:26 GMT
On Tue, 30 Dec 1997, Ben Laurie wrote:

> Dean Gaudet wrote:
> > 
> > Otherwise known as "O(n^2) loops are lame".
> 
> AAMOI, I was considering whether to make a similar change for the
> table_set/unset problem, which is O(mn) where m is the number of repeats
> and n is the number of elements in the table. The snag was that to do it
> efficiently where m=1 (presumably the usual case) was more effort than I
> felt like expending.
> 
> Anyway, that aside, I suspect this isn't the only problem, as I have
> this just in from the reporter of the DoS:

I don't think I buy that.  Someone else just posted the same thing to
bugtraq, but Apache only does that for the _last_ name.

Ben, you want to mail the below person with Dean's patch and see if it
works for them?

I will mail the most recent poster to bugtraq asking...

> 
> > Neeep, extra shlashes causes a major difference... Apache loops
> > looking for files from set (index.html, index.shtml, index.cgi,
> > homepage.html, homepage.shtml, homepage.cgi), but every time he gets
> > an 'filename too long' error. Finally, it dies (?) without releasing
> > memory or resources (improper cleanup after error?).
> 
> Cheers,
> 
> Ben.
> 
> -- 
> Ben Laurie            |Phone: +44 (181) 735 0686|Apache Group member
> Freelance Consultant  |Fax:   +44 (181) 735 0689|http://www.apache.org
> and Technical Director|Email: ben@algroup.co.uk |Apache-SSL author
> A.L. Digital Ltd,     |http://www.algroup.co.uk/Apache-SSL
> London, England.      |"Apache: TDG" http://www.ora.com/catalog/apache
> 


Mime
View raw message