dos vulnerability

[lwf]

HFS will freeze completely when a big progress status picture is requested. A malicious user could successfully DOS the server with nothing but a browser and the F5 key.

http://127.0.0.1:8080/~img_graph3000x3000

[maverick]

dos vulnerability?

The 3000x3000 image didn't freeze HFS or anything else here.

[attachment deleted by admin]

[rejetto]

the DoS is effective as much as you have low CPU power.
i will post a fix in 1 hour or less.

[rejetto]

www.rejetto.com/forum/?topic=3791.msg1021269#msg1021269

[lwf]

That was quick, thanks!

[TSG]

Ino that this problem is solved with a fix now... but i am bored and decided that i would post our findings from ages ago when using HFS 2.0.

About September last year me and Flynsarmy were bored at a university tutorial and we decided to see how big we can make this image at uni from his PC lol!, we managed something like 9999x9999px or something... i remember one side was 9999 cant remember the other side...exact measurement is far from memory... it was fairly insanely big. This was done on 128k upload and an AMD 3500 (2.2ghz), with only 1gb RAM at the time. We didn't continually refresh the page in the fear of a crash.

Is there any limit to the size of this image now with the fix? I doubt anyone will ever need it to be bigger than 2560x1600 (think its the maximum res for widescreen monitor atm) which is stupidly huge anyway? lol

[TCube]

I doubt anyone will ever need it to be bigger than 2560x1600 (think its the maximum res for widescreen monitor atm) which is stupidly huge anyway? lol

Well some people may need "images bigger than life"    ... 3 monitors' view ... http://www.mandolux.com/

[TSG]

haha!

[rejetto]

the limits are
width: 3000
area: 300000


....that is: if you use 2000 as width, the max height is 150

[TSG]

Nice.