Bugtraq
mailing list archives
Re: false alarm: query cgi problem
From: zblaxell () myrus com (Zygo Blaxell)
Date: Fri, 10 Jan 1997 13:48:15 -0500
In article <5b4d8o$l37 () xeno myrus com>,
Apropos of Nothing <apropos () sover net> wrote:
> For anyone who cares, the buffer overflow in the query cgi is not
> exploitable. This is because the exploit requires 21,000+ bytes, and the
> maximum size for a URL is 1024 bytes. That is how it is defined in the RFC.

Ummm...*which* RFC? I can't find such a limit in rfc1630, rfc1738,
or rfc1945 (URL, relative URL, and HTTP, respectively), although I'm not
trying very hard (grep for 'length', 'max', 'size', 'limit', and 'count').

Also, I was able to put about 8100 bytes of text into a URL with the
GET method using Netscape and Apache. Apache broke first; Netscape will
happily send a 21001+ byte URL, while Apache truncates it after
(presumably) 8192 bytes or so.
--
Zygo Blaxell. Unix/soft/hardware/firewall/security guru. 10th place, ACM Intl
Prog Contest, 1995. Admin Linux+Solaris for food, Tshirts, anime. Pager: 1613
7608572. "I gave up $1000 to avoid working on windoze... *sigh*"-Amy Fong. "smb
is a microsoft toy, like a "child" protocol that never matured"-S Boisjoli.
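
The thread turns on whether anything outside the CGI bounds the URL length. As an added example (not part of the original message, and not the query cgi's own code), here is a CGI that enforces its own limit on QUERY_STRING before copying it; `copy_query` and `QUERY_MAX` are hypothetical names chosen for the illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define QUERY_MAX 256   /* assumed size of the CGI's own buffer */

/* Copy a query string into a fixed buffer of dst_size bytes.
 * Returns 0 on success, -1 if the input is missing or does not fit.
 * The length is checked here; no limit is assumed from the browser,
 * the web server or any RFC. On failure dst is left as an empty string. */
int copy_query(char *dst, size_t dst_size, const char *src)
{
    size_t len;

    if (dst == NULL || dst_size == 0)
        return -1;
    dst[0] = '\0';
    if (src == NULL)
        return -1;
    len = strlen(src);
    if (len >= dst_size)          /* no room for the terminating NUL */
        return -1;
    memcpy(dst, src, len + 1);    /* len + 1 <= dst_size, NUL included */
    return 0;
}

int main(void)
{
    char query[QUERY_MAX];
    const char *qs = getenv("QUERY_STRING");

    /* A request with no query string is treated as an empty query. */
    if (copy_query(query, sizeof query, qs ? qs : "") != 0) {
        /* Reject rather than truncate: a cut-off query is still
         * attacker-chosen input of unexpected shape. */
        printf("Status: 414 Request-URI Too Long\r\n"
               "Content-Type: text/plain\r\n\r\nquery rejected\n");
        return 0;
    }
    printf("Content-Type: text/plain\r\n\r\nquery accepted (%lu bytes)\n",
           (unsigned long)strlen(query));
    return 0;
}
```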