httpd-dev mailing list archives

From Dean Gaudet <dgau...@arctic.org>
Subject Re: [PATCH] 1.2: "DoS" attack
Date Tue, 30 Dec 1997 19:35:43 GMT


On Tue, 30 Dec 1997, Ben Laurie wrote:

> Dean Gaudet wrote:
> > My money says they don't understand how unix memory mgmt works.  Yes it
> > does report a filename too long error, but it certainly doesn't die for
> > me.  I tested it across loopback on my desktop and I certainly didn't have
> > any problem typing "ps -auxww | grep httpd" and notice it barely noticing
> > the "attack" after my patch went in.  But my desktop is a dual pentium pro
> > 200 w/512Mb RAM, so YMMV :)
> 
> Did it kill it before your patch?

It didn't kill it, but it did have a noticeable impact.  There were a
bunch of httpds all chewing cpu.  I didn't think to look at ram. 

> > I was going to comment on the filename too long thing later... it's kind
> > of screwy that we call no2slash() in location_walk, then directory_walk,
> > then file_walk, then location_walk the second time around.  And
> > r->filename isn't ever updated so when mod_dir gets its hands on the
> > filename it constructs super long filenames that are just begging to fail
> > :)
> > 
> > But I didn't want to propose a patch for any of this because I've
> > misplaced the part of my brain that understands r->filename and the subtle
> > security semantics surrounding it.
> 
> Yeah, well, see my earlier comment about "proxy:" in filenames, which
> must surely be relevant...

Yeah my head isn't working right this morning.  Maybe I drank too much
last week.

Dean


