Bugtraq mailing list archives
Re: false alarm: query cgi problem
From: zblaxell () myrus com (Zygo Blaxell)
Date: Fri, 10 Jan 1997 13:48:15 -0500
In article <5b4d8o$l37 () xeno myrus com>, Apropos of Nothing <apropos () sover net> wrote:
For anyone who cares, the buffer overflow in the query cgi is not exploitable. This is because the exploit requires 21,000+ bytes, and the maximum size for a URL is 1024 bytes. That is how it is defined in the RFC.
Ummm...*which* RFC? I can't find such a limit in rfc1630, rfc1738, or rfc1945 (URL, relative URL, and HTTP, respectively), although I'm not trying very hard (grep for 'length', 'max', 'size', 'limit', and 'count'). Also, I was able to put about 8100 bytes of text into a URL with the GET method using Netscape and Apache. Apache broke first; Netscape will happily send a 21001+ byte URL, while Apache truncates it after (presumably) 8192 bytes or so. -- Zygo Blaxell. Unix/soft/hardware/firewall/security guru. 10th place, ACM Intl Prog Contest, 1995. Admin Linux+Solaris for food, Tshirts, anime. Pager: 1613 7608572. "I gave up $1000 to avoid working on windoze... *sigh*"-Amy Fong. "smb is a microsoft toy, like a "child" protocol that never matured"-S Boisjoli.
Current thread:
- false alarm: query cgi problem Apropos of Nothing (Jan 09)
- <Possible follow-ups>
- Re: false alarm: query cgi problem der Mouse (Jan 10)
- Re: false alarm: query cgi problem Zygo Blaxell (Jan 10)
