Author: kkolinko
Date: Mon Nov 22 22:49:54 2010
New Revision: 1037927

URL: http://svn.apache.org/viewvc?rev=1037927&view=rev
Log:
proposal

Modified:
    tomcat/tc6.0.x/trunk/STATUS.txt

Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=1037927&r1=1037926&r2=1037927&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Mon Nov 22 22:49:54 2010
@@ -95,15 +95,19 @@ PATCHES PROPOSED TO BACKPORT:
   Note: Don't change return type for parseEndChunk(), just return true.
   +1: markt, kkolinko
   -1:
+  kkolinko: Only if accompanied by a patch that sets limit on the maximum
+  size of ChunkedInputFilter.trailingHeaders buffer. I am proposing such a
+  patch below. Otherwise it would be vulnerable to a DOS.
 
   kkolinko: Additional patch:
   http://svn.apache.org/viewvc?rev=1033842&view=rev
   +1: kkolinko, markt
   -1:
 
-  kkolinko: Maybe we can/should add a system property to allow to impose
-  a limit on the trailers length? Via ByteChunk.setLimit().
-
+  kkolinko: Patch to impose limit on the trailers length:
+  http://svn.apache.org/viewvc?rev=1037924&view=rev
+  +1: kkolinko
+  -1:
 
 * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=50026
   Force DefaultServlet to serve all resources relative to context root
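
Review bot: In the comment added under the first entry's "-1:" line, the dependency is stated only as "such a patch below", while kkolinko stays on that entry's "+1:" line, so the tally still reads as two unconditional votes. Consider naming r1037924 in the condition itself and marking the +1 as conditional, so the backport is not applied before the limit patch, which has a single +1 here. The new entry also drops the earlier mention of a system property and ByteChunk.setLimit() without saying how the limit is configured or what its default is; one line stating that would let voters judge whether the ChunkedInputFilter.trailingHeaders buffer is bounded by default.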


