httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Graham Leggett <minf...@sharp.fm>
Subject Re: svn commit: r1484852 - in /httpd/httpd/trunk: CHANGES modules/http/http_filters.c
Date Wed, 22 May 2013 13:04:18 GMT
On 22 May 2013, at 2:47 PM, Yann Ylavic <ylavic.dev@gmail.com> wrote:

> Well, one could inject arbitrary data in this room (with no LF), bypassing LimitRequestBody
(which does not count chunks separators), and eat resources.
> This opens doors, as often when a protocol is not checked carefully…

Again, this matches the previous filter behaviour, and changing this is a separate discussion.

All line lengths including the one you're referring to are constrained by LimitRequestFieldSize,
so to say that the protocol is unconstrained is false.

Regards,
Graham
--


Mime
View raw message