Bugtraq mailing list archives

Re: Fixing the NCSA HTTPD 1.3 (fwd)


From: lopatic () dbs informatik uni-muenchen de (Thomas Lopatic)
Date: Thu, 16 Feb 1995 10:57:56 +0100 (MET)


Hi there,

>> 2. have getline() read only 1000 characters instead of HUGE_STRING_LEN
>>    (file http_request.c: getline(l,HUGE_STRING_LEN/4,in,timeout) instead
>>    of getline(l,HUGE_STRING_LEN,in,timeout))
>
> I don't see any obvious problems with it (then again, I'm no expert on
> NCSA's code) but I'm curious: is there any rationale behind the magic
> number 4 here, or is that an essentially arbitrary decision?

it is an arbitrary decision to introduce some security in case I've missed
something in the code of the HTTPD. I think it should be enough just to
make HUGE_STRING_LEN and MAX_STRING_LEN have the same value. Maybe my approach
was a bit paranoid. If you need URLs larger than 1000 chars you might want
to increase the buffer sizes. These are pretty much arbitrary as well. Sorry
for not saying so in the posting.

Greetings,
-Thomas

-- 
Thomas Lopatic                               lopatic () informatik uni-muenchen de
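The fix discussed in this thread rests on one invariant: the number of bytes a line reader may store must never exceed the size of the smallest buffer that line is later copied into. The C example below is added here to illustrate that invariant; it is not NCSA's code and not the patch from the thread. It replaces the file-descriptor based getline() of http_request.c with an in-memory analogue (getline_bounded), uses assumed values for HUGE_STRING_LEN and MAX_STRING_LEN, and reads the request line with a limit equal to the smaller constant (the "make HUGE_STRING_LEN and MAX_STRING_LEN have the same value" option from the reply). Over-long lines are rejected rather than silently truncated, so a truncated tail cannot be re-read as a second request, and the copy into the URL field is bounds-checked independently of the read limit, which is the check that makes the choice of "magic number" irrelevant to safety.

```c
#include <stdio.h>
#include <string.h>

/* Buffer sizes named after the NCSA constants the thread discusses.
   The values are assumptions for this example, not NCSA's actual values. */
#define HUGE_STRING_LEN 4096
#define MAX_STRING_LEN  1024

/* In-memory stand-in for getline(s, n, fd, timeout): stores at most n-1 bytes
   into s, always NUL-terminates, drops '\r', stops at '\n' or end of input.
   Returns the number of bytes stored, or -1 if the line does not fit; in that
   case the rest of the line is discarded so it is not read as a new line. */
static int getline_bounded(char *s, int n, const char *src, size_t *pos)
{
    int i = 0;
    for (;;) {
        char c = src[*pos];
        if (c == '\0')
            break;
        (*pos)++;
        if (c == '\n')
            break;
        if (c == '\r')
            continue;
        if (i == n - 1) {
            /* Too long for the buffer: skip to end of line and report it. */
            while (src[*pos] != '\0' && src[(*pos)++] != '\n')
                ;
            s[0] = '\0';
            return -1;
        }
        s[i++] = c;
    }
    s[i] = '\0';
    return i;
}

/* Reads "METHOD SP URL SP VERSION" and copies the URL into a MAX_STRING_LEN
   field. The read limit is MAX_STRING_LEN even though l is HUGE_STRING_LEN,
   and the field copy is length-checked as well. Returns 0 on success, -1 on
   an over-long or malformed request line. */
static int parse_request_line(const char *req, char url_out[MAX_STRING_LEN])
{
    char l[HUGE_STRING_LEN];
    size_t pos = 0;
    int len = getline_bounded(l, MAX_STRING_LEN, req, &pos);
    if (len < 0)
        return -1;

    const char *sp1 = strchr(l, ' ');
    if (sp1 == NULL)
        return -1;
    const char *url = sp1 + 1;
    const char *sp2 = strchr(url, ' ');
    size_t url_len = sp2 ? (size_t)(sp2 - url) : strlen(url);
    if (url_len == 0 || url_len >= MAX_STRING_LEN)
        return -1;                      /* would not fit url_out plus NUL */
    memcpy(url_out, url, url_len);
    url_out[url_len] = '\0';
    return 0;
}

/* Convenience wrapper: returns the parsed URL (static storage) or NULL. */
static const char *parsed_url(const char *req)
{
    static char url[MAX_STRING_LEN];
    return parse_request_line(req, url) == 0 ? url : NULL;
}

/* Builds a constructed "GET /aaa... HTTP/1.0" line whose URL is url_len bytes
   and reports whether the parser accepts it (1) or rejects it (0). */
static int accepts_url_of_length(size_t url_len)
{
    static char req[HUGE_STRING_LEN * 2];
    char url[MAX_STRING_LEN];
    size_t n = 0;
    if (url_len == 0 || url_len + 16 >= sizeof req)
        return 0;
    memcpy(req + n, "GET /", 5);            n += 5;
    memset(req + n, 'a', url_len - 1);      n += url_len - 1;
    memcpy(req + n, " HTTP/1.0\r\n", 11);   n += 11;
    req[n] = '\0';
    return parse_request_line(req, url) == 0;
}

int main(void)
{
    /* Constructed sample requests. */
    printf("short request -> %s\n", parsed_url("GET /index.html HTTP/1.0\r\n"));
    printf("1010-byte URL accepted: %d\n", accepts_url_of_length(1010));
    printf("1011-byte URL accepted: %d\n", accepts_url_of_length(1011));
    printf("4000-byte URL accepted: %d\n", accepts_url_of_length(4000));
    return 0;
}
```

With the assumed sizes, the longest request line that is accepted is MAX_STRING_LEN - 1 bytes, so a URL of up to 1010 bytes passes and anything longer is refused; raising both constants together, as the reply suggests for sites that need longer URLs, moves that boundary without weakening the invariant.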
