How 'bout adding a function that gets called before or during
the log function that scans the string for non-printable characters and
prints the octal equivalent instead... This would probably take care
of the need that Dancer brings up. I don't, however, see why it is
"needed." What trouble do non-printable characters cause? If you're
paranoid about non-printable characters, I suggest you post-process
the logs with something to filter non-printables before doing anything
else with them...
And to state more clearly what I think Dancer is asking, does
the code check for buffer overflow? Just about every security hole
that I've heard of in key system software has been caused by a buffer
overflow bug. Then again, if you're running squid as root, you're an
idiot. :)
Ed
-- On Sat, 26 Oct 1996, Dancer wrote: > Actually, never mind much-wanted, this is probably needed. If, for any > reason, we get non-printable characters in a request, we get them in the > logs as well. This is probably not A Good Thing(tm), and the behaviour > should be modified. For that matter we should look carefully at what > we're doing at this point, as we are playing with data that some unknown > source has given us. > > Anyone know what happens if you give Squid a request that's longer > than...say...256 bytes? How about 512Kbytes? How about 10MB? > > D >Received on Sat Oct 26 1996 - 15:19:11 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:33:22 MST