[webkit-dev] DOS in Safari/WebKit?

Geoffrey Garen ggaren at apple.com
Thu Dec 22 19:06:13 PST 2005


Hi Kurt.

Yes, this bug is in radar, and yes, it has been fixed in the latest
nightlies. ensureRows doesn't enforce a fixed limit (what limit would
you choose?); instead, it checks whether the resize succeeded or
failed, and returns early if it failed.

Geoff

On Dec 22, 2005, at 6:48 PM, Kurt Kohler wrote:

> I haven't been following the chat room so I might have missed it, but
> I'm surprised there hasn't been any discussion here about the "denial of
> service" bug reported at the following URL.
>
> http://www.security-protocols.com/advisory/sp-x22-advisory.txt
>
> I don't want to jump to conclusions, but we're talking about open source
> software here. He could have fixed it himself or at least filed a
> Bugzilla report. As far as I can tell he did neither. He does claim to
> have reported it to Apple. Is it in radar perhaps?
>
> I'll wait before I say what I think about this guy. I don't want to be
> slanderous without cause.
>
> BTW I saw a claim elsewhere that it had been fixed in the nightlies, but
> it looks like as of a few minutes ago ensureRows in TOT still has the
> problem (it does a resize with a value that doesn't appear to be checked
> against any limit).
>
> Does html define a limit on the number of rows in a table?
>
> Kurt Kohler
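
Added example (not part of the original thread, and not WebKit's code): a C++ illustration of the pattern described in the reply above, where the row-array resize is checked for success and the caller returns early on failure instead of enforcing a fixed row limit. TableGrid, Row, setRowHeight and the overflow guard are assumptions made for illustration; only the name ensureRows comes from the thread.

```cpp
// Added illustration. TableGrid, Row and the method bodies are hypothetical;
// only the name ensureRows comes from the thread.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <cstring>
struct Row { unsigned height; unsigned cellCount; };

class TableGrid {
public:
    ~TableGrid() { std::free(m_rows); }
    // Grow the row array to at least `needed` rows. No fixed cap is applied:
    // on failure the function returns false and the grid is left unchanged.
    bool ensureRows(std::size_t needed) {
        if (needed <= m_count)
            return true;
        if (needed > SIZE_MAX / sizeof(Row))   // byte count would wrap
            return false;
        void* p = std::realloc(m_rows, needed * sizeof(Row));
        if (!p)
            return false;                      // old block is still valid
        m_rows = static_cast<Row*>(p);
        std::memset(m_rows + m_count, 0, (needed - m_count) * sizeof(Row));
        m_count = needed;
        return true;
    }

    // Caller side: return early instead of writing past the array.
    bool setRowHeight(std::size_t index, unsigned height) {
        if (index == SIZE_MAX || !ensureRows(index + 1))
            return false;
        m_rows[index].height = height;
        return true;
    }
    std::size_t rowCount() const { return m_count; }
    unsigned heightOf(std::size_t i) const { return i < m_count ? m_rows[i].height : 0; }
private:
    Row* m_rows = nullptr;
    std::size_t m_count = 0;
};

int main() {
    TableGrid g;  // inputs below are constructed for the example
    std::printf("row 3 set: %d\n", g.setRowHeight(3, 20));
    std::printf("oversized: %d\n", g.ensureRows(SIZE_MAX / sizeof(Row) + 1));
}
```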
