httpd-dev mailing list archives

From Brian Pane <brian.p...@cnet.com>
Subject Re: FW: cvs commit: httpd-2.0/modules/proxy proxy_http.c
Date Wed, 11 Dec 2002 16:38:08 GMT
Unless I'm missing something, this patch would make the
proxy vulnerable to a DoS.  An attacker could cause the
httpd to buffer an arbitrarily large amount of data simply
by sending an arbitrarily large request body, right?

Brian


On Tue, 2002-12-10 at 15:55, Bill Stoddard wrote:
> Any objections to porting this to 2.0?
> 
> Bill
> 
> jerenkrantz    2002/12/08 21:37:27
> 
>   Modified:    .        CHANGES
>                modules/proxy proxy_http.c
>   Log:
>   Rewrite how proxy sends its request to allow input bodies to morph the request
>   bodies.  Previously, if an input filter changed the request body, the
>   original C-L would be sent which would be incorrect.
> 
>   Due to HTTP compliance, we must either send the body T-E: chunked or include
>   a C-L for the request body.  Connection: Close is not an option.
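
The trade-off discussed in this thread, as an added example that is not part of the original messages and is not httpd code: a proxy can hold a filtered request body only up to a fixed cap in order to send an accurate C-L, and switch to T-E: chunked once the cap is exceeded, so the bytes it buffers stay bounded however large the request body is. `MAX_HELD`, `struct source`, `struct sink` and `send_body` are hypothetical names, and the chunked path assumes an HTTP/1.1 backend.

```c
#include <stdio.h>
#include <string.h>

#define MAX_HELD 16 /* assumed cap on bytes held while computing a C-L */

/* Constructed stand-ins: filtered body pieces to pull, and the backend socket. */
struct source { const char **pieces; size_t n, next; };
struct sink { char data[256]; size_t len; };

static void put(struct sink *s, const char *p, size_t n) {
    size_t room = sizeof s->data - 1 - s->len; /* keep data NUL-terminated */
    if (n > room) n = room;                    /* demo sink only: truncate */
    memcpy(s->data + s->len, p, n);
    s->len += n;
}

static void put_chunk(struct sink *s, const char *p, size_t n) {
    char head[32];
    int h = snprintf(head, sizeof head, "%zx\r\n", n);
    if (n == 0) return; /* a zero-length chunk would terminate the body */
    put(s, head, (size_t)h);
    put(s, p, n);
    put(s, "\r\n", 2);
}

/* Returns 0 if the body fit and was sent with a C-L, 1 if it was sent chunked. */
int send_body(struct source *in, struct sink *out) {
    char held[MAX_HELD], head[48];
    size_t used = 0;
    while (in->next < in->n && used + strlen(in->pieces[in->next]) <= MAX_HELD) {
        const char *p = in->pieces[in->next++]; /* hold only while under the cap */
        memcpy(held + used, p, strlen(p));
        used += strlen(p);
    }
    if (in->next == in->n) { /* whole body seen, so its length is known */
        int h = snprintf(head, sizeof head, "Content-Length: %zu\r\n\r\n", used);
        put(out, head, (size_t)h);
        put(out, held, used);
        return 0;
    }
    put(out, "Transfer-Encoding: chunked\r\n\r\n", 30);
    put_chunk(out, held, used); /* flush what was held, then stream the rest */
    while (in->next < in->n) {
        const char *p = in->pieces[in->next++];
        put_chunk(out, p, strlen(p));
    }
    put(out, "0\r\n\r\n", 5);
    return 1;
}
```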


