[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: problem revealed by issue #2398 (server-side assertion)

From: Garrett Rooney <rooneg_at_electricjellyfish.net>
Date: 2006-02-14 19:02:21 CET

On 2/14/06, Michael Sinz <Michael.Sinz@sinz.org> wrote:

> Depends - if it is an internal function, assert/abort() is a good way to
> enforce "should never happen" type of behaviors. However, if this can
> be triggered by wire data, you have a major bug in that a simple DOS
> attack of sending that wire data will abend the server. Nothing that
> ever comes over the wire should ever abend the server. Remember, the
> wire is open to anyone sending packets, including old, broken clients and
> malicious code.

You're missing the fact that this should not be able to be triggered
by user data over the network. The fact that it can is a bug.


To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Feb 14 19:03:39 2006

This is an archived mail posted to the Subversion Dev mailing list.