Re: cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/coreStandardServer.java

[Craig R. McClanahan]

On Tue, 21 Aug 2001, Justin Erenkrantz wrote:

> On Tue, Aug 21, 2001 at 06:51:52PM -0000, [EMAIL PROTECTED] wrote:
> > craigmcc    01/08/21 11:51:52
> > 
> >   Modified:    catalina/src/share/org/apache/catalina/core
> >                         StandardServer.java
> >   Log:
> >   Fix for a DoS attack against the shutdown port, that could cause an "out
> >   of memory" exception by sending a continuous stream of characters.  Now,
> >   Tomcat will only listen for enough characters to match or not-match the
> >   required password, then it shuts the port.
> 
> Now I'll know exactly how long the shutdown password is.  =-)  -- justin
> 
> 

True ... that will be fixed in a second, along with another problem in
this code (it doesn't restrict connects to the local server).

Craig