From: Daniel F. <fly...@go...> - 2010-03-02 08:55:44
|
2010/3/2 Claes Wikström <kl...@ta...> > Daniel Fahlke wrote: > >> *search trough the logs of the last days* >> >> First this Bugfix. >> It was in the News (Sat Dec 11 2004 Version 1.50 released) >> >> "Form post parameter was still always managed as atoms. This is a >> backwards incompatible change. It broke the wiki aswell as the upload >> example in the Yaws docs.However, the change is sound since it was easy to >> DOS a yaws server by sending file upload posts with new atoms. Eventually >> the atom table would overflow. However it does break code !!! >> > > > Ok, looong ago. > > That fix didn't have anything todo whatsoever with the size of the > uploaded file. The problem was that the POST parse code did list_to_atom/1 > while parsing. This meant that a malicious user could POST a long series > of wacko POST requests where each POST request potentially created > a set of new e.g. random atoms - that way filling up the erl atom table > which is of fixed size - thus eventually making erl die. > > > /klacke > than i was wrong, but why and since when does the upload no bigger( or only longer?) uploads? And where is the cause for that? I would help with that, if i know, where to search =( |