|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: iSCSI: Text request/response spanning - security issue?Excerpt of message (sent 29 March 2002) by John Hufferd: > > Before we run off to far in this direction, .... > > Each Key of the Key=value pairs, supplies enough information to understand > the Max length of the value that follows. The length permitted by each > keyword that is supported, should be enough to define the approprate > length for any key=value pair. I think that the implementation can > determine the Max amount of buffer it needs by computing the Max size based > on the keywords supported. Maybe not if you want to be picky. Is there a limit on the number of leading zeroes that a numeric value may have? I suppose a way to handle that is "a receiver is not required to accept values other than zero that begin with 0". > I think the item that got us into the Multi PDU spanning of a key=value is > the Certificates associated with authentication. So depending on the type > of Authentication supported, and the Max size of Certificates supported, > you can compute the Max size of the total key=value buffer needed. From what I remember about certificates, it isn't easy -- or even feasible -- to specify a sensible upper bound on their size. Especially as people start putting more and more crud into certificates. > I do not see anything broken here. Hence, I do not think a fix is needed. Let's make sure that we can indeed specify an upper bound on each value for each key -- and document in the spec what that limit is. If that can be done then indeed we're done. (I wouldn't worry about X-foo keys; if you don't support them then it doesn't matter how long they are, and if you do support a particular one, then it's up to the spec of that specific key to bound its size.) paul
Home Last updated: Sat Mar 30 18:18:19 2002 9397 messages in chronological order |