From: Jeff King <peff@peff.net>
To: Stefan Beller <sbeller@google.com>
Cc: Junio C Hamano <gitster@pobox.com>,
Jonathan Nieder <jrnieder@gmail.com>,
"git@vger.kernel.org" <git@vger.kernel.org>,
Eric Wong <e@80x24.org>, Dan Wang <dwwang@google.com>,
Dennis Kaarsemaker <dennis@kaarsemaker.net>
Subject: Re: [PATCH 2/4] receive-pack: implement advertising and receiving push options
Date: Fri, 8 Jul 2016 17:46:38 -0400 [thread overview]
Message-ID: <20160708214637.GB9820@sigill.intra.peff.net> (raw)
In-Reply-To: <CAGZ79ka8eHOx28Ja+S6DOGEOrV_ijUvi_NnjprhuzQ+3O9BAoQ@mail.gmail.com>
On Fri, Jul 08, 2016 at 11:57:20AM -0700, Stefan Beller wrote:
> >> Sorry to butt into the conversation late, but: I am not yet convinced.
> >>
> >> Is the idea that if the push options were very large, this would save
> >> the client from the cost of sending them?
> >
> > Not really. I have no strong opinion on the benefit of limiting
> > number/size. Stefan limited the number/size at the receiving end
> > and made receiving end die with its message.
>
> Jeff claimed we'd need some sort of DoS protection for this feature,
> so I considered just die-ing enough for an initial implementation.
I do not think we need to worry too much about niceties for these
limits. The point is to protect servers from malicious nonsense, like
somebody sending gigabytes of push options, or trying to overflow a
buffer in a hook with a large value. If people are seeing these in
routine use, then the limits are set too low, and this should happen
roughly as often as a BUG assertion, and IMHO should be treated roughly
the same: don't bother with translation, and don't worry about
optimizing wasted bandwidth for this case. It won't happen enough to
matter.
-Peff
next prev parent reply other threads:[~2016-07-08 21:46 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-07-07 1:12 [PATCHv3 0/4] Push options in C Git Stefan Beller
2016-07-07 1:12 ` [PATCH 1/4] push options: {pre,post}-receive hook learns about push options Stefan Beller
2016-07-07 20:20 ` Junio C Hamano
2016-07-07 21:50 ` Stefan Beller
2016-07-07 21:53 ` Junio C Hamano
2016-07-07 1:12 ` [PATCH 2/4] receive-pack: implement advertising and receiving " Stefan Beller
2016-07-07 20:37 ` Junio C Hamano
2016-07-07 21:41 ` Stefan Beller
2016-07-07 21:56 ` Jeff King
2016-07-07 22:06 ` Stefan Beller
2016-07-07 22:09 ` Jeff King
2016-07-07 22:06 ` Junio C Hamano
2016-07-08 17:58 ` Jonathan Nieder
2016-07-08 18:39 ` Junio C Hamano
2016-07-08 18:57 ` Stefan Beller
2016-07-08 21:46 ` Jeff King [this message]
2016-07-08 22:17 ` Stefan Beller
2016-07-08 22:21 ` Jeff King
2016-07-08 22:29 ` Stefan Beller
2016-07-08 22:35 ` Jeff King
2016-07-08 22:43 ` Stefan Beller
2016-07-08 22:46 ` Jeff King
2016-07-08 22:51 ` Stefan Beller
2016-07-07 1:12 ` [PATCH 3/4] push: accept " Stefan Beller
2016-07-07 20:52 ` Junio C Hamano
2016-07-08 22:59 ` Stefan Beller
2016-07-11 18:42 ` Junio C Hamano
2016-07-07 1:12 ` [PATCH 4/4] add a test for " Stefan Beller
2016-07-07 19:51 ` Junio C Hamano
2016-07-07 20:01 ` Junio C Hamano
2016-07-07 21:51 ` Stefan Beller
-- strict thread matches above, loose matches on Subject: below --
2016-07-14 21:49 [PATCHv7 0/4] Push options Stefan Beller
2016-07-14 21:49 ` [PATCH 2/4] receive-pack: implement advertising and receiving push options Stefan Beller
2016-07-14 17:39 [PATCHv5 0/4] Push options Stefan Beller
2016-07-14 17:39 ` [PATCH 2/4] receive-pack: implement advertising and receiving push options Stefan Beller
2016-07-14 18:38 ` Junio C Hamano
2016-07-14 19:00 ` Stefan Beller
2016-07-14 19:07 ` Junio C Hamano
2016-07-14 19:45 ` Jeff King
2016-07-14 20:07 ` Junio C Hamano
2016-07-09 0:31 [PATCHv4 0/4] Push options Stefan Beller
2016-07-09 0:31 ` [PATCH 2/4] receive-pack: implement advertising and receiving push options Stefan Beller
2016-07-10 17:06 ` Shawn Pearce
2016-07-10 18:05 ` Stefan Beller
2016-07-12 4:53 ` Shawn Pearce
2016-07-12 5:24 ` Jeff King
2016-06-30 0:59 [RFC PATCHv1 0/4] Push options in C Git Stefan Beller
2016-06-30 0:59 ` [PATCH 2/4] receive-pack: implement advertising and receiving push options Stefan Beller
2016-07-01 17:11 ` Junio C Hamano
2016-07-01 17:24 ` Stefan Beller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160708214637.GB9820@sigill.intra.peff.net \
--to=peff@peff.net \
--cc=dennis@kaarsemaker.net \
--cc=dwwang@google.com \
--cc=e@80x24.org \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=jrnieder@gmail.com \
--cc=sbeller@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.