[web-devel] Problem with multipart request on yesod/wai

Gregory Collins greg at gregorycollins.net
Sat Feb 26 10:20:03 CET 2011

2011/2/26 Антон Чешков <acheshkov at gmail.com>:
> Hi all!
> "...parseRequest
> Parsing the request headers involves taking all of the header lines (every
> line until a blank line) and then parsing those via parseRequest'.
> takeHeaders (a function I will not explain here) goes ahead and reads in all
> of the header lines until a blank. A special thanks to Gregory Collins for
> pointing out a security hole in the initial versions of Warp: takeHeaders
> now ensures that no header is longer than 1024 bytes, and there are at most
> 30 headers to avoid a DOS attack..."
> (http://docs.yesodweb.com/blog/announcing-warp)

Neither of the supplied requests matches these criteria.

Gregory Collins <greg at gregorycollins.net>

More information about the web-devel mailing list