user/dev discussion of public-inbox itself
 help / color / mirror / code / Atom feed
From: Eric Wong <e@80x24.org>
To: Kyle Meyer <kyle@kyleam.com>
Cc: meta@public-inbox.org
Subject: Re: archive links broken with obfuscate=true
Date: Sat, 10 Apr 2021 05:15:50 +0000	[thread overview]
Message-ID: <20210410051550.GA4654@dcvr> (raw)
In-Reply-To: <87sg3ysrzu.fsf@kyleam.com>

Kyle Meyer <kyle@kyleam.com> wrote:
> Eric Wong writes:
> 
> > Have you run any performance tests?
> 
> No.  To get an idea of how to approach that, would you suggest I look at
> xt/perf-msgview.t?

Yeah, probably that with some tweaks; or running -httpd with ab,
wrk or some other HTTP benchmark that uses persistent connections.

I'm OK with things being slower with this option enabled, but
not with trivial denial-of-service vectors.

> > I'm actually more worried about the '0' (of '{0,}') or '*' being
> > combined with '?'.  I can't remember if there's a pathological
> > case in that...
> 
> Ah, okay, sorry for missing that.

No worries.  I've dealt with some nasty pathological slowdowns
in perl(-inspired) regex engines over the years and forget most
people haven't.  I recall perl itself seemed less susceptible to
pathological cases than engines inspired by it, but also wasn't
immune to them.

Maybe there's a compilation of known DoS-able regexp examples
which affect Perl somewhere.

> > The upper bound of N is a smaller concern, especially for
> > non-spam messages which only have non-space tokens of reasonable
> > length.
> >
> > Maybe changing the three existing '+' to {1,M} would be a way to
> > ameliorate the problem (though I'm not sure what a good value of
> > M would be, 255?).
> 
> Me neither, though I suspect 255 would be sufficient.

Alright.  There may be some other limits common to what SMTP
servers accept for line limits and such.  RFC 5322 limits
raw lines to 998, but that doesn't account for lengths after
decoding.

  reply	other threads:[~2021-04-10  5:15 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-04-09  2:11 archive links broken with obfuscate=true Kyle Meyer
2021-04-09 10:21 ` Eric Wong
2021-04-09 22:45   ` Kyle Meyer
2021-04-09 23:37     ` Eric Wong
2021-04-10  4:06       ` Kyle Meyer
2021-04-10  5:15         ` Eric Wong [this message]
2021-04-10 19:49           ` Kyle Meyer
2021-04-11  5:32             ` [PATCH v2] www: do not obfuscate addresses in URLs Eric Wong
2021-04-11  5:34               ` Eric Wong
2021-04-11 14:45               ` Kyle Meyer

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: https://public-inbox.org/README

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20210410051550.GA4654@dcvr \
    --to=e@80x24.org \
    --cc=kyle@kyleam.com \
    --cc=meta@public-inbox.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
Code repositories for project(s) associated with this public inbox

	https://80x24.org/public-inbox.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).