[NNTP] CAPABILITIES problem!
Ade Lovett
ade at lovett.com
Wed Aug 3 00:49:43 PDT 2005
Clive D.W. Feather wrote:
> I don't follow. Message IDs are limited to 250 characters, so where's the
> edge case? If someone puts an illegally-long message ID in a command, why
> couldn't they put an illegally-long hash as well? [Both should just
> generate a 501 response.]
MD5 is 128-bit. Period.
> I'm happy with no limit if nobody can see a problem. Remember that the
> limit we're talking about is command names and capability labels (the first
> word on a capability line), not other arguments, which are already
> unlimited.
In which case, I really cannot see a situation where an overly long
capability *and* an overly long command name, could result in an
overflow of 510 characters (+ \r\n).
I've been trying to avoid this particular thread for a reason. If
someone can show a situation where a capability of, say, 128 bytes in
length could potentially result in an overflow, then that bears further
consideration. As it stands right now, the issue that came to mind was
the message-ID (which is by far and away the largest single entity we
have to deal with).
Unless there's a compelling reason otherwise, I would suggest a 128 byte
limit (perhaps 64 if really necessary) for a capability, and be done
with it. 640k^W128 bytes is enough for anyone....
-aDe
More information about the ietf-nntp
mailing list