[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: LYNX-DEV Lynx/MSIE denial-of-service

From: Tom Zerucha
Subject: Re: LYNX-DEV Lynx/MSIE denial-of-service
Date: Fri, 14 Mar 1997 15:45:51 -0500 (EST)

On Tue, 11 Mar 1997, Larry W. Virden, x2487 wrote:

> > > In any case, please _don't_ put arbitrary limits into lynx ; I would
> > > just as soon see no limits put in myself and just have lynx stop when it
> > > can't go any further.
> > 
> > Well, on a single user system that's OK, but I'd be royally peeved (and
> > so would the other programmers) if somebody using Lynx encountered a
> > redirect to http://localhost:19/ and froze the system. :(
> Yes, I can certainly see that.  I can also see that if someone set things up
> so that files larger than 1 meg weren't able to be downloaded that a
> major use of lynx (background download of .tar files, etc. served only
> from WWW servers) would be broken.

HTTP has some limits as to what the first line should be that should put a
small upper limit on the length.  Read a first line up to X chars and
syntax verify it.  Further, If it doesn't see a valid header (the GET,
POST, etc, cookies, useragent strings, etc. followed by two crlfs) within
some limit (e.g. 16-32K) it should abort the connection. 

finger address@hidden for PGP key

; To UNSUBSCRIBE:  Send a mail message to address@hidden
;                  with "unsubscribe lynx-dev" (without the
;                  quotation marks) on a line by itself.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]