[Toybox] getline() length
M Farkas-Dyck
strake888 at gmail.com
Mon Nov 10 19:13:10 PST 2014
On 09/11/2014, Rob Landley <rob at landley.net> wrote:
> On 11/09/14 09:01, M Farkas-Dyck wrote:
>> Yeah, I would deem this Someone Else's Problem.
Whatever program accepts untrusted input to sanitize it, or the kernel
to enforce memory limits.
> In theory a script could run grep on input from an http cgi or similar,
> so the input is user controlled. It's the sort of thing that _seems_
> safe... but isn't.
I would say that in this case the cgi script ought to setrlimit grep
if one fears memory-allocating DoS, rather than getline have an
arbitrary line length limit.
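The setrlimit approach suggested in the message above, sketched as an added C example (not part of the original post and not Toybox code): the caller forks, caps the child's address space with RLIMIT_AS, then runs the tool, so an endless line makes getline() fail with ENOMEM instead of growing without bound. The function names, the 64 MiB cap and the use of /dev/zero as a newline-free input are assumptions for illustration, and Linux behaviour is assumed.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

/* Child job for real use: exec the tool, e.g. {"grep", "--", pat, NULL}. */
int exec_job(void *arg)
{
    char *const *argv = arg;
    execvp(argv[0], argv);
    return 127;                       /* exec failed */
}

/* Demo child job (illustrative name): getline() on the path in arg.
 * A stream with no newline models an attacker-supplied endless line. */
int getline_job(void *arg)
{
    FILE *f = fopen(arg, "r");
    char *line = NULL;
    size_t cap = 0;
    if (!f) return 1;
    errno = 0;
    if (getline(&line, &cap, f) < 0 && errno == ENOMEM)
        return 3;                     /* allocation refused by the limit */
    return 0;                         /* got a line, or plain EOF */
}

/* Fork, cap the child's address space, run job there. Returns the child's
 * exit status, or -1 on fork/wait failure or death by signal. */
int run_limited(rlim_t as_bytes, int (*job)(void *), void *arg)
{
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        struct rlimit rl = { as_bytes, as_bytes };
        if (setrlimit(RLIMIT_AS, &rl) != 0) _exit(126);
        _exit(job(arg));
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    return run_limited(64u << 20, getline_job, "/dev/zero") == 3 ? 0 : 1;
}
```

Because the limit is applied after fork() and before the job runs, it survives an exec and constrains only the child, not the calling script.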