From kfm-devel Sun Jul 29 16:36:38 2001 From: David Faure Date: Sun, 29 Jul 2001 16:36:38 +0000 To: kfm-devel Subject: Re: Bug#29895: Konqueror DoS with malicious favicon.ico X-MARC-Message: https://marc.info/?l=kfm-devel&m=99643090023884 On Sunday 29 July 2001 17:10, Dawit Alemayehu wrote: > On Sunday 29 July 2001 07:52, David Faure wrote: > > > The only exception case where kio_http can possibly drain resources is > > > when it has to decompress rather large compressed html pages. Under this > > > condition it stores the incoming data so that it could decompress/decode > > > it properly. I do not know a clean way around this except to decompress > > > the data on the fly and transmit it to the app. > > > > Have a look at KFilterDev if you want to implement that, it's perfectly > > suited for the job :) > > That is what I am going to do :) :) > > > This approach has to own downsides however... > > > > Which ones ? > > Not knowing the actual total size of the file we downloaded. We know the compressed size, > but cannot determine the actual size so it is going to mess up the progress info we provide > to the end user. Well, you could use the compressed size for the progress info, that should be no problem. The total size just won't match the one the user will finally see, but the progress will be ok. [Hmm, doesn't any HTTP header give the uncompressed size ? Probably not, if you say so :)] -- David FAURE, david@mandrakesoft.com, faure@kde.org http://perso.mandrakesoft.com/~david/, http://www.konqueror.org/ KDE, Making The Future of Computing Available Today