| commit | 2e8e8c6387ecdf5923dfc4d7718d18eba1b0873d | |
| author | Keith Rarick <kr@xph.us> | |
| Sun, 23 May 2010 07:13:28 +0000 (23 00:13 -0700) | ||
| committer | Keith Rarick <kr@xph.us> | |
| Sun, 23 May 2010 07:36:10 +0000 (23 00:36 -0700) | ||
| tree | 7c1618f611edf00e977c32a246365d0bd1903c4d | treesnapshot (tar.gz zip) |
| parent | 62328a506b8ed24e52c264f073ecbf4e9254f861 | commitdiff |
Discard job body bytes if the job is too big.
Previously, a malicious user could craft a job payload and inject
beanstalk commands without the client application knowing. (An
extra-careful client library could check the size of the job body before
sending the put command, but most libraries do not do this, nor should
they have to.)
Reported by Graham Barr.
Previously, a malicious user could craft a job payload and inject
beanstalk commands without the client application knowing. (An
extra-careful client library could check the size of the job body before
sending the put command, but most libraries do not do this, nor should
they have to.)
Reported by Graham Barr.
| check-one.sh | diffblobblamehistory | |
| prot.c | diffblobblamehistory | |
| sh-tests/too-big.commands | [new file with mode: 0644] | blob |
| sh-tests/too-big.expected | [new file with mode: 0644] | blob |