-------- On Sun, 17 May 1998 15:48:55 EDT, Bill Paul wrote:

> With these patches, you have 35 seconds to supply a valid record
> containing an RPC message header and request, otherwise the session
> is disconnected. If you enter garbage data, the connection is dropped
> immediately.

Sun's RPC code has some more problems. If you send it a continuous
stream of zero bytes, it will loop forever because it interprets them
as a sequence of zero-length record fragments. It nicely gobbles the
empty record, notices that this hasn't been the last fragment (EOR bit
is 0 of course) and goes asking for more, etc. ad inf.

Concerning the 35-second timeout Bill mentions above, this can also be
stretched out quite a bit if you transmit the RPC packet byte by byte,
each 30 seconds apart. Given the way RPC was designed, I cannot think
how to work around this problem except by handling all RPC requests in
a separate thread.

Finally, here's some stuff that I haven't checked so far, but which may
be equally interesting. The RPC code is cluttered with conversions from
unsigned long to int, and I have found at least one (quite important)
routine in the RPC server code that does something like this:

	int	len;

	get len from user request
	if (len > MAX_LEN)
		return FALSE;
	bcopy(buf, destination, (u_int) len);

where destination is on the stack...

Cheers
Olaf
-- 
Olaf Kirch         |  --- o --- Nous sommes du soleil we love when we play
okirat_private     |    / | \   sol.dhoop.naytheet.ah kin.ir.samse.qurax
For my PGP public key, finger okirat_private
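The following is an added worked example, written for this archive page; it is not Olaf's code, not Bill's patch and not Sun's RPC implementation. It shows two of the points in the message above in runnable C: a record-marking reassembler (RFC 1831 section 10 framing: 4-byte mark, high bit = last fragment, low 31 bits = length) that bounds the run of zero-length non-final fragments instead of looping on them, and the signed-length check from the post beside a hardened form. The limits MAX_RECORD, MAX_EMPTY_FRAGS and MAX_LEN, the status codes, and the sample byte streams are all assumptions made for the example, not values taken from the Sun code.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Record mark layout (RFC 1831 s.10). The numeric limits are assumed for
 * this example; they are not Sun's constants. */
#define RM_LAST_FRAG    0x80000000u
#define RM_LEN_MASK     0x7fffffffu
#define MAX_RECORD      4096    /* assumed cap on one reassembled record */
#define MAX_EMPTY_FRAGS 4       /* assumed cap on consecutive empty non-final fragments */
#define MAX_LEN         256     /* stand-in for the post's MAX_LEN */

enum rm_status {
    RM_OK = 0,
    RM_NEED_MORE,    /* stream ended mid-record; a socket reader would wait here */
    RM_TOO_LARGE,    /* record would exceed MAX_RECORD or the output buffer */
    RM_EMPTY_FLOOD   /* the zero-byte stream: endless empty non-final fragments */
};

static uint32_t rm_get32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Reassemble one record from in[0..in_len). On RM_OK, *out_len is the record
 * length and *consumed the stream bytes used. A run of zero-length non-final
 * fragments, which the loop Olaf describes gobbles forever, is counted and
 * rejected once it passes MAX_EMPTY_FRAGS. */
enum rm_status rm_read_record(const uint8_t *in, size_t in_len,
                              uint8_t *out, size_t out_cap,
                              size_t *out_len, size_t *consumed)
{
    size_t pos = 0, rec = 0;
    unsigned empty = 0;

    for (;;) {
        uint32_t mark, frag_len;
        int last;

        if (in_len - pos < 4)
            return RM_NEED_MORE;
        mark = rm_get32(in + pos);
        pos += 4;
        last = (mark & RM_LAST_FRAG) != 0;
        frag_len = mark & RM_LEN_MASK;

        if (frag_len == 0 && !last) {
            if (++empty > MAX_EMPTY_FRAGS)
                return RM_EMPTY_FLOOD;
            continue;
        }
        empty = 0;

        /* Bound the record before reading any payload, so a huge mark costs nothing. */
        if (rec + frag_len > MAX_RECORD || rec + frag_len > out_cap)
            return RM_TOO_LARGE;
        if (in_len - pos < frag_len)
            return RM_NEED_MORE;
        memcpy(out + rec, in + pos, frag_len);
        rec += frag_len;
        pos += frag_len;

        if (last) {
            *out_len = rec;
            *consumed = pos;
            return RM_OK;
        }
    }
}

/* The pattern from the post: a signed length checked only against an upper
 * bound, then cast to unsigned for the copy. Returns the byte count bcopy()
 * would be handed (0 stands in for the FALSE return); nothing is copied. */
size_t vulnerable_copy_len(int len)
{
    if (len > MAX_LEN)
        return 0;
    return (unsigned int)len;   /* -16 passes the check and becomes 4294967280 */
}

/* Hardened form: keep the length unsigned as XDR decoded it, and bound it by
 * both the limit and the bytes actually present in the request. */
size_t safe_copy_len(uint32_t len, size_t avail)
{
    if (len > MAX_LEN || len > avail)
        return 0;
    return len;
}

/* Constructed sample streams for the example (not captured traffic). */
static const uint8_t ZERO_FLOOD[24] = {0};                 /* six empty non-final fragments */
static const uint8_t TWO_FRAGS[] = {0,0,0,2,'a','b', 0x80,0,0,2,'c','d'};
static const uint8_t TOO_BIG[]   = {0x80,0,0x10,0x01};     /* one 4097-byte final fragment */

int rm_status_of(const uint8_t *in, size_t n)
{
    uint8_t buf[MAX_RECORD]; size_t len, used;
    return rm_read_record(in, n, buf, sizeof buf, &len, &used);
}

long rm_record_len_of(const uint8_t *in, size_t n)
{
    uint8_t buf[MAX_RECORD]; size_t len, used;
    return rm_read_record(in, n, buf, sizeof buf, &len, &used) == RM_OK ? (long)len : -1;
}

int main(void)
{
    printf("zero flood -> status %d\n", rm_status_of(ZERO_FLOOD, sizeof ZERO_FLOOD));
    printf("two frags  -> status %d, %ld bytes\n",
           rm_status_of(TWO_FRAGS, sizeof TWO_FRAGS), rm_record_len_of(TWO_FRAGS, sizeof TWO_FRAGS));
    printf("len -16    -> bcopy would get %zu bytes, hardened gives %zu\n",
           vulnerable_copy_len(-16), safe_copy_len(0xfffffff0u, 512));
    return 0;
}
```

The reassembler takes whatever has been buffered so far and returns RM_NEED_MORE rather than blocking on the socket itself; that is deliberate, because the byte-every-30-seconds trick defeats any timer that is reset per read, and the caller can instead hold one deadline over the whole record. The two length functions make the signed/unsigned point concrete: a wire value of 0xfffffff0 stored in an int is -16, which is not greater than MAX_LEN, so the copy proceeds with an unsigned length of about 4 GB; with the length kept unsigned and additionally bounded by the bytes present in the request, the same value is rejected.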
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:54:00 PDT