Return-Path: william@bourbon.usc.edu
Delivery-Date: Tue Sep  9 20:46:41 2008
X-Spam-Checker-Version: SpamAssassin 3.2.3 (2007-08-08) on merlot.usc.edu
X-Spam-Level: 
X-Spam-Status: No, score=-2.3 required=5.0 tests=AWL,BAYES_00 autolearn=ham
	version=3.2.3
Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75])
	by merlot.usc.edu (8.14.1/8.14.1) with ESMTP id m8A3keQe015207
	for <cs551@merlot.usc.edu>; Tue, 9 Sep 2008 20:46:41 -0700
Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1])
	by bourbon.usc.edu (8.14.2/8.14.1) with ESMTP id m8A3k3E3006415
	for <cs551@merlot>; Tue, 9 Sep 2008 20:46:03 -0700
Message-Id: <200809100346.m8A3k3E3006415@bourbon.usc.edu>
To: cs551@merlot.usc.edu
Subject: Re: Malicious clients and servers
Date: Tue, 09 Sep 2008 20:46:03 -0700
From: Bill Cheng <william@bourbon.usc.edu>

SOmeone wrote:

  > Since we are not supposed to have a buffer larger than 512 bytes, should 
  > we expect that in normal cases, the length of the data request sent by 
  > the client to the server is <=512 bytes.

You mean that if DataLength in a request message is > 512,
you won't even process it?

I guess it's certainly a reasonable assumption for the adr
command.  For fsz and get, I don't know if UNIX file path
can be longer than 256 bytes.

  > Or, this is possible for valid inputs by the client also ?

512 is probably a good number, I guess.
--
Bill Cheng // bill.cheng@usc.edu <URL:http://merlot.usc.edu/william/usc/>