[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: REPL Server: Guard against HTTP inter-protocol exploitation attacks.
|
From: |
Alex Kost |
|
Subject: |
Re: REPL Server: Guard against HTTP inter-protocol exploitation attacks. |
|
Date: |
Wed, 12 Oct 2016 11:21:21 +0300 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/25.0.95 (gnu/linux) |
Hello, I've noticed an insignificant typo in commit
08c021916dbd3a235a9f9cc33df4c418c0724e03 (in the fancy warning message).
[...]
> + ;; Print a report to STDERR (POSIX file descriptor 2).
> + ;; XXX Can we do better here?
> + (call-with-port (dup->port 2 "w")
> + (cut format <> "
> +@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> +@@ POSSIBLE BREAK-IN ATTEMPT ON THE REPL SERVER @@
> +@@ BY AN HTTP INTER-PROTOCOL EXPLOITATION ATTACK. See: @@
> +@@ <https://en.wikipedia.org/wiki/Inter-protocol_exploitation> @@
> +@@ Possible HTTP request received: ~S
^^
Missing trailing "@@" in the above line.
> +@@ The associated socket has been closed. @@
> +@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\n"
> + (string-append request-line
> + drained-input)))))
--
Alex
- Re: REPL Server: Guard against HTTP inter-protocol exploitation attacks.,
Alex Kost <=