Hi Why 8190? IMHO just malloc() a buffer of any length you like (depends on what data len your app would typically receive), then read() into it and if you exceed its sizeof while read() still returns positive values (i.e. not -1 and not 0), realloc() the buffer.
On 5/31/06, vladas <[EMAIL PROTECTED]> wrote:
So client could cause buff overflow by specifying wrong CONTENT_LENGTH in the custom-crafted headers. In that case, even the apache's 414 Request-URI Too Large could not prevent the problem,right? So the only solution I can figure out is allocate buffer >= than #define DEFAULT_LIMIT_REQUEST_LINE 8190 and to sscanf it to pick up the needed data from the headers sent from client. It seems like reinventing the wheel, really. Of course, I will google on it right away, but how e.g. mod_perl or other cgi's are dealing with it?
Maybe mod_perl and mod_cgi don't malloc() + read() the body, but just pass stdin file descriptor to the user? poka Alex
