Carson Harding,
Thank you for the inspiring guide!
Thank you for your time.
On 01/06/06, Carson Harding <[EMAIL PROTECTED]> wrote:
<...>
Respecfuly.
On Wed, May 31, 2006 at 02:14:09AM +0900, vladas wrote:
> Does (the above) really mean that URL more than 8190 bytes would be
> rejected? Or I am mixing something here?
Yes, overly-long URLs will be rejected. Use POST, not GET, in such
cases.
All recent Apache versions are configured this way, I
On 31 May 2006 08:21:03 -0700, Randal L. Schwartz wrote:
why are you doing CGI in C? you can get the same code written
much faster in Perl. And if you need speed, you can migrate that same
code to running under mod_perl, and then it'll be FAR faster than
forking a separate process for a C prog
On 31/05/06, Alexander Farber <[EMAIL PROTECTED]> wrote:
Hi
Why 8190? IMHO just malloc() a buffer of any length you like
(depends on what data len your app would typically receive),
then read() into it and if you exceed its sizeof while read() still
returns positive values (i.e. not -1 and not
Hi
Why 8190? IMHO just malloc() a buffer of any length you like
(depends on what data len your app would typically receive),
then read() into it and if you exceed its sizeof while read() still
returns positive values (i.e. not -1 and not 0), realloc() the buffer.
On 5/31/06, vladas <[EMAIL PROTE
So client could cause buff overflow by specifying wrong
CONTENT_LENGTH in the custom-crafted headers. In that case,
even the apache's 414 Request-URI Too Large could not prevent the
problem,right?
Not to waste readers' (if any) time, I will be more detailed:
I have meant
In that case, even the
Alexander, thank you - really - very much for the reply.
Shame on me for a slow response.
The CGI's env. variable CONTENT_LENGTH is set from the
client's header (see /usr/src/usr.sbin/httpd/src/main/util_script.c:
Please excuse me for being mistaken in these (as well as the ones
in the previo
This is bad because CONTENT_LENGTH could be > sizeof(buff):
On 5/30/06, vladas <[EMAIL PROTECTED]> wrote:
char buff[1];
const char *len1 = getenv("CONTENT_LENGTH");
contentlength=strtol(len1, &endptr, 10);
fread(buff, contentlength, 1, stdin);
On 5/30/06, vladas <[EMAIL PROTECTED]> wrote:
I am concerned for the cases where URL given by the cliend side is like 2MB.
In my understanding, there is a gap between the server opening a socket
for the connection and starting reading in the data from the client until
the end of that readining-i
On 30/05/06, Tobias Ulmer <[EMAIL PROTECTED]> wrote:
Thank you very much for the reply!
also make sure that your buffers are large enough for all possible
circumstances.
I am concerned for the cases where URL given by the cliend side is like 2MB.
In my understanding, there is a gap between t
On Tue, May 30, 2006 at 07:05:06PM +0900, vladas wrote:
> Sorry if this is too simple. It's still ongoing learning process for me.
>
> I dare to ask about it on misc@ because the code will be running on OpenBSD
> and
> because I want to learn how to use OpenBSD properly.
>
> Its about getenv("C
11 matches
Mail list logo
