Re: LuaSocket: No way to protect against fuzzing attacks?

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: LuaSocket: No way to protect against fuzzing attacks?
From: Javier Guerra Giraldez <javier@...>
Date: Tue, 11 Oct 2011 09:23:19 -0500

On Tue, Oct 11, 2011 at 4:05 AM, Sean Conner <sean@conman.org> wrote:
> It was thus said that the Great Peter Pimley once stated:
>> Could you repeatedly call option 2 (up to newline) but with a timeout
>> of zero?  It'll return the partial result, which you can buffer up
>> until you get the actual end-of-line.
>
>  Yes, but performance will drop like a whale that suddenly finds itself
> popped into existence at 30,000 feet (or a bowl of petunias, take your
> pick) with a large amount traffic.

not if you only read when you already know there's data to read.


>  -spc (Used systems where code was written like that---it wasn't fun)

Copas and Xavante are written like that --- some people think they're fun :-)


-- 
Javier

Follow-Ups:
- Re: LuaSocket: No way to protect against fuzzing attacks?, Stefan Reich

References:
- LuaSocket: No way to protect against fuzzing attacks?, HyperHacker
- Re: LuaSocket: No way to protect against fuzzing attacks?, Peter Pimley
- Re: LuaSocket: No way to protect against fuzzing attacks?, Sean Conner

Prev by Date: Re: Using Lua's memory allocator
Next by Date: Re: [propsal] improve to table.concat?
Previous by thread: Re: LuaSocket: No way to protect against fuzzing attacks?
Next by thread: Re: LuaSocket: No way to protect against fuzzing attacks?
Index(es):
- Date
- Thread