httpd-dev mailing list archives

From Stefan Fritsch ...@sfritsch.de>
Subject Re: svn commit: r826520 - /httpd/httpd/trunk/support/htdigest.c
Date Sun, 18 Oct 2009 21:23:34 GMT
On Sunday 18 October 2009, Guenter Knauf wrote:
> Hi,
> 
> Ruediger Pluem wrote:
> > Why do you think that line should be also 3 * MAX_STRING_LEN?
> > I guess currently it can be MAX_STRING_LEN at max because of line
> > 256:
> >
> >     while (!(get_line(line, MAX_STRING_LEN, f))) {
> >
> > But maybe this should be changed to
> >
> > while (!(get_line(line, 3 * MAX_STRING_LEN, f))) {
> >
> > as a password line could be up to 2 * MAX_STRING_LEN + length of
> > MD5 hash in hex + 1.
> 
> another problem I see here is that MAX_STRING_LEN = 8192 bytes,
>  that means that already 6*8k are allocated from stack which is a
>  problem at least on NetWare, as already discussed here back in
>  2001:
> http://mail-archives.apache.org/mod_mbox/httpd-dev/200107.mbox/%3Csb52b03e.070@prv-mail20.provo.novell.com%3E
> I think for such things
>  like username, password, realm we don't need to expect more than
>  256 bytes, but even if we want to be super-safe it would be enough
>  to reserve 512 bytes; so can't we introduce a new define like:
> #define SMALL_STRING_LEN 256
> and use this instead within the auth modules for username,
>  password, realm? 1,5k <-> 48k is a huge difference ...
> 
> Gün.
> 
digest.c already has

#define MAX_STRING_LEN 256

No problem there.
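
An added example, not part of the original message or of htdigest.c: one way to size the line buffer from per-field caps, as discussed in the thread, and to reject lines that do not fit instead of reading them in pieces. `FIELD_LEN`, `LINE_LEN`, `read_record_line` and `split_record` are hypothetical names, and a `user:realm:hash` record with a 32-character hex MD5 is assumed.

```c
#include <stdio.h>
#include <string.h>

#define FIELD_LEN   256   /* assumed cap per field, incl. NUL (the 256 from the thread) */
#define MD5_HEX_LEN 32    /* MD5 digest written as hex */
/* longest valid record: user ':' realm ':' hash '\n' '\0' */
#define LINE_LEN (2 * (FIELD_LEN - 1) + MD5_HEX_LEN + 4)

/* Hypothetical helper: 0 = line read, 1 = EOF, -1 = line did not fit in buf. */
static int read_record_line(char *buf, size_t n, FILE *f)
{
    size_t len;
    int c;
    if (!fgets(buf, (int)n, f))
        return 1;
    len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';
        return 0;
    }
    if (feof(f))
        return 0;                  /* final line without a newline */
    while ((c = fgetc(f)) != EOF && c != '\n')
        ;                          /* drop the tail so the next read starts on a record */
    return -1;
}

/* Hypothetical helper: split "user:realm:hash"; user and realm hold FIELD_LEN bytes. */
static int split_record(const char *line, char *user, char *realm, char *hash)
{
    const char *c1 = strchr(line, ':');
    const char *c2 = c1 ? strchr(c1 + 1, ':') : NULL;
    size_t ulen, rlen;
    if (!c2)
        return -1;                 /* fewer than two separators */
    ulen = (size_t)(c1 - line);
    rlen = (size_t)(c2 - c1 - 1);
    if (ulen >= FIELD_LEN || rlen >= FIELD_LEN)
        return -1;                 /* field would overflow its buffer */
    if (strlen(c2 + 1) != MD5_HEX_LEN ||
        strspn(c2 + 1, "0123456789abcdefABCDEF") != MD5_HEX_LEN)
        return -1;                 /* hash is not 32 hex characters */
    memcpy(user, line, ulen);     user[ulen] = '\0';
    memcpy(realm, c1 + 1, rlen);  realm[rlen] = '\0';
    memcpy(hash, c2 + 1, MD5_HEX_LEN + 1);
    return 0;
}
```

With these caps the line buffer is 546 bytes, and a caller needs `hash` to hold `MD5_HEX_LEN + 1` bytes.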

