[Twisted-Python] Is AMP secure enough for the internet?

Jonathan Lange jml at mumak.net
Mon Mar 1 07:19:05 MST 2010


On Mon, Mar 1, 2010 at 2:15 PM, Attila Nagy <bra at fsn.hu> wrote:
> Eric P. Mangold wrote:
>> AMP "keys" are limited to 256 bytes and "values" are limited to 64k. So
>> that will prevent your program from handling a malformed AMP packet that
>> tries to exceed those limits....
>>
> Yes, I know that from the docs, but I haven't read the code, and it's
> not trivial where this is limited. If only on the client side, it
> doesn't protect...

The first two bytes of the key are the length of the key. The server
will stop reading after this length, and will bork if the length is
bigger than 256.

Actually, the client will do the same, since at this level, the
protocol is symmetric.

jml
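
The receiver-side check described in the reply above, sketched as an added example (this is not Twisted's own `amp` code and not part of the original message). `BoxReceiver`, `BoxTooLarge` and `encode_box` are hypothetical names, and the 256-byte key limit is the figure quoted in the thread, taken here as an assumption.

```python
import struct

MAX_KEY_LEN = 256  # key limit as quoted in the thread (assumption)

class BoxTooLarge(Exception):
    """A declared key length exceeds the receiver's limit."""

class BoxReceiver:
    """Incremental parser for AMP-style boxes: a 2-byte big-endian length,
    then that many bytes, alternating key/value; an empty key ends a box."""

    def __init__(self):
        self._buf = b""
        self._key = None   # key still waiting for its value, or None
        self._box = {}
        self.boxes = []    # completed boxes, in arrival order

    def feed(self, data):
        self._buf += data
        while len(self._buf) >= 2:
            (length,) = struct.unpack(">H", self._buf[:2])
            expecting_key = self._key is None
            # Reject on the prefix alone, before any of the body is read.
            # Values need no extra check: 2 bytes cannot declare more than 65535.
            if expecting_key and length > MAX_KEY_LEN:
                raise BoxTooLarge("key length %d > %d" % (length, MAX_KEY_LEN))
            if len(self._buf) < 2 + length:
                return     # body incomplete; wait for more bytes
            item = self._buf[2:2 + length]
            self._buf = self._buf[2 + length:]
            if not expecting_key:
                self._box[self._key] = item
                self._key = None
            elif item == b"":
                self.boxes.append(self._box)   # empty key terminates the box
                self._box = {}
            else:
                self._key = item

def encode_box(box):
    """Sender helper with no limit checks at all, standing in for a peer
    that ignores the limits; the receiver must not depend on it."""
    out = b""
    for key, value in box.items():
        out += struct.pack(">H", len(key)) + key
        out += struct.pack(">H", len(value)) + value
    return out + b"\x00\x00"
```

Because the same class parses both directions, the limit applies to whichever end is receiving, which is the symmetry the reply points out.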



