Re: problem revealed by issue #2398 (server-side assertion)

From: Garrett Rooney <rooneg_at_electricjellyfish.net>
Date: 2006-02-14 19:02:21 CET

On 2/14/06, Michael Sinz <Michael.Sinz@sinz.org> wrote:

> Depends - if it is an internal function, assert/abort() is a good way to
> enforce "should never happen" type of behaviors. However, if this can
> be triggered by wire data, you have a major bug in that a simple DOS
> attack of sending that wire data will abend the server. Nothing that
> ever comes over the wire should ever abend the server. Remember, the
> wire is open to anyone sending packets, including old, broken clients and
> malicious code.

You're missing the fact that this should not be able to be triggered
by user data over the network. The fact that it can is a bug.

-garrett

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Feb 14 19:03:39 2006

This message: [ Message body ]
Next message: Garrett Rooney: "Re: problem revealed by issue #2398 (server-side assertion)"
Previous message: Julian Foad: "Re: assertion failed svn cp URL->URL"
In reply to: Michael Sinz: "Re: problem revealed by issue #2398 (server-side assertion)"
Next in thread: Greg Hudson: "Re: problem revealed by issue #2398 (server-side assertion)"
Reply: Greg Hudson: "Re: problem revealed by issue #2398 (server-side assertion)"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]