[Twisted-web] Re: URL length limits in twisted-web

Lenny G Arbage alengarbage at yahoo.com
Thu Aug 25 12:13:23 MDT 2005


--- Tommi Virtanen wrote:
>
> There's this DoS-avoidance bit:
> 
> class LineReceiver(protocol.Protocol,
_PauseableMixin):
>     ...
>     MAX_LENGTH = 16384


  Thanks, Tommi.  That appears to be it (16898 -
len('http://') and the non "path" part of my URL = the
more sane number of 16384).

  The 'silent failure' feature doesn't seem quite
right to me.  LineReceiver.dataReceived() returns
self.lineLengthExceeded(line), which calls
self.transport.loseConnection(), which means that
neither http.HTTPClient.lineReceived() nor
http.HTTPChannel.lineReceived() ever get called.  If
I'm following the code correctly, loseConnection()
does its job silently, and the caller never knows what
happened, but is led to believe that the request was
sent successfully.

  I changed LineReceiver.lineLengthReceived() as
follows:

def lineLengthExceeded(self, line):
        """Called when the maximum line length has
been reached.
        Override if it needs to be dealt with in some
special way.
        """
        #return self.transport.loseConnection()
        self.transport.loseConnection()
        raise error.ConnectionLost('Line length
exceeded')

  Which now does what I would expect (raises an
exception if I try to send URLs that exceed the
maximum), but I'm sure there are reasons not to raise
an exception here (other classes that rely on
LineReceiver, etc).

  What is the proper solution to this issue?

Lenny


		
____________________________________________________
Start your day with Yahoo! - make it your home page 
http://www.yahoo.com/r/hs 
 



More information about the Twisted-web mailing list