On Tue, Jul 17, 2012 at 04:18:00PM +0200, Marc-André Lureau wrote: > On Tue, Jul 17, 2012 at 4:06 PM, Christophe Fergeau <cfergeau@xxxxxxxxxx> wrote: > > Oh, I was mostly thinking of checking max_monitors for an arbitrary max > > value (4, 16 or 256) to avoid allocating arbitrary amount of memory by > > trusting a network value. > > There is no arbitrary value that would be really appropriate. > > Furthermore, as I tried to say, there are many places where we trust > server values. For instance size of a message. It doesn't really makes > sense to check only this value here. Yeah I know there are many worrying places, for new code and new protocol additions, it would be nice to start thinking about this... I'm not seeing this as a blocking issue, but this is getting more and more scary nonetheless... Christophe
Attachment:
pgpvNtzJKSyQB.pgp
Description: PGP signature
