Return-Path: william@bourbon.usc.edu Delivery-Date: Tue Sep 9 20:46:41 2008 X-Spam-Checker-Version: SpamAssassin 3.2.3 (2007-08-08) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-2.3 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.2.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.14.1/8.14.1) with ESMTP id m8A3keQe015207 for ; Tue, 9 Sep 2008 20:46:41 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.14.2/8.14.1) with ESMTP id m8A3k3E3006415 for ; Tue, 9 Sep 2008 20:46:03 -0700 Message-Id: <200809100346.m8A3k3E3006415@bourbon.usc.edu> To: cs551@merlot.usc.edu Subject: Re: Malicious clients and servers Date: Tue, 09 Sep 2008 20:46:03 -0700 From: Bill Cheng SOmeone wrote: > Since we are not supposed to have a buffer larger than 512 bytes, should > we expect that in normal cases, the length of the data request sent by > the client to the server is <=512 bytes. You mean that if DataLength in a request message is > 512, you won't even process it? I guess it's certainly a reasonable assumption for the adr command. For fsz and get, I don't know if UNIX file path can be longer than 256 bytes. > Or, this is possible for valid inputs by the client also ? 512 is probably a good number, I guess. -- Bill Cheng // bill.cheng@usc.edu