[web-devel] Problem with multipart request on yesod/wai
greg at gregorycollins.net
Sat Feb 26 10:20:03 CET 2011
2011/2/26 Антон Чешков <acheshkov at gmail.com>:
> Hi all!
> Parsing the request headers involves taking all of the header lines (every
> line until a blank line) and then parsing those via parseRequest'.
> takeHeaders (a function I will not explain here) goes ahead and reads in all
> of the header lines until a blank. A special thanks to Gregory Collins for
> pointing out a security hole in the initial versions of Warp: takeHeaders
> now ensures that no header is longer than 1024 bytes, and there are at most
> 30 headers to avoid a DOS attack..."
Neither of the supplied requests matches these criteria.
Gregory Collins <greg at gregorycollins.net>
More information about the web-devel