On 05/27, John Hardin wrote:
> Yes. "*" is "zero or more, unbounded" and "+" is "one or more, unbounded".
> 
> It's much better to have an upper limit in body and rawbody rules,
> e.g. {0,80} or {1,80}
> 
> The upper limit may need some experimentation to set in specific
> cases, but even so, {0,255} can be much less painful than *.

So somebody should (open a bug to) go through all the rules we provide
and replace all instances of "*" with {0,255} and "+" with {1,255}?

> Header and URI texts are inherently fairly short so it's safer to
> use unbounded matches against them, but even so it's a good idea to

But still vulnerable to regex DoS....

-- 
"I don't want to die... just yet... not while there's... women."
- J. Matthew Root, 8/23/02 (http://www.jmrart.com/)
http://www.ChaosReigns.com
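
Added example, not part of the original thread and not SpamAssassin project code: a small audit script for the sweep proposed above. It lists `body` and `rawbody` rules whose patterns contain unbounded `*`, `+` or `{n,}` and suggests a bounded form. Assumptions: rules use `/.../` delimiters, the rule names and sample lines are constructed, and 255 is the limit mentioned in the thread. Suggestions change what a rule can match, so each one still needs review.

```python
import re

BRACE = re.compile(r"\{(\d+)(,(\d*))?\}")     # {n}, {n,} or {n,m}
RULE = re.compile(r"^[ \t]*(body|rawbody)[ \t]+(\S+)[ \t]+/(.*)/(\w*)[ \t]*$", re.M)

def bound_quantifiers(pattern, limit=255):
    """Rewrite unbounded *, + and {n,} outside character classes; return (pattern, hits)."""
    out, i, hits, in_class, after_quant = [], 0, 0, False, False
    while i < len(pattern):
        c = tok = emit = pattern[i]           # tok: text consumed, emit: text written
        quant, brace = False, BRACE.match(pattern, i)
        if c == "\\":                         # escaped char such as \* or \+
            tok = emit = pattern[i:i + 2]
        elif in_class:                        # inside [...], * and + are literals
            in_class = c != "]"
        elif c == "[":                        # "[", optional "^", leading literal "]"
            tok = emit = re.match(r"\[\^?\]?", pattern[i:]).group()
            in_class = True
        elif after_quant and c in "*+?":      # lazy/possessive suffix (*? ++ }?)
            pass
        elif c in "*+":
            emit, hits, quant = "{%d,%d}" % (c == "+", limit), hits + 1, True
        elif c == "?":
            quant = out[-1:] != ["("]         # "(?" opens a group, not a quantifier
        elif brace:
            tok = emit = brace.group()
            quant = True
            if brace.group(2) == ",":         # {n,} has no upper bound
                n = brace.group(1)
                emit, hits = "{%s,%d}" % (n, max(limit, int(n))), hits + 1
        out.append(emit)
        i += len(tok)
        after_quant = quant
    return "".join(out), hits

def audit_rules(config, limit=255):
    """Return [(rule_name, suggested_line)] for body/rawbody rules that need bounding."""
    findings = []
    for kind, name, pat, flags in RULE.findall(config):
        fixed, hits = bound_quantifiers(pat, limit)
        if hits:
            findings.append((name, "%s %s /%s/%s" % (kind, name, fixed, flags)))
    return findings

# Constructed sample rules (hypothetical names), not taken from any shipped ruleset.
SAMPLE = r"""body     LOCAL_DEMO_A   /click\s+here.*now/i
rawbody  LOCAL_DEMO_B   /<a[^>]*>[*+]/
body     LOCAL_DEMO_C   /free.{0,80}offer/
header   LOCAL_DEMO_D   Subject =~ /re:.*/i"""
```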
