[TYPO3-core] RFC: (urgent for 4.0.1) DoS when processing non-existing 404 page

[Bernhard Kraft]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dmitry Dulepov wrote:


> This patches also fixes two small things in that function:
> 1. removes many 'exit' calls and places only one at the end of function
> 2. corrects one of error messages not to show 'Error' twice.

Hi,


I tested it on my local machine where I always have nice graphical "top" meters.

When getting into a 404 loop the CPU load and usage does not much change - it stays
quite down at 0-5 % ....

altough apache is completly over and doesn't react anymore - not even to a request to
a simple html file :(


Your patch works properly and is quite fine - also moving all exit's to only two is a
good change.

Just one little thing ... I would prefer if we could use:
exit();
instead of your form (and the form which was already there): "exit;"
I know exist is a language construct and no function - but here:
http://at.php.net/manual/en/function.exit.php
It mostly get's used with the brackets appended (we can leave them empty so no status code
get's outputed in PHP <4.2.0)
As T3 is object oriented it would probably even be more logical to use "die();" as this is
often seen in object oriented applications ...

If you do not like this idea simply apply the patch with the "exit;" ... you got a +1 from me
in any case ....



greets,
Bernhard
- --
- ----------------------------------------------------------------------
"Freiheit ist immer auch die Freiheit des Andersdenkenden"
Rosa Luxemburg, 1871 - 1919
- ----------------------------------------------------------------------
[[ http://think-open.at | Open source company ]]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFEza2SIl4dkVkDMFkRApmTAJ9OOGqEkkrEImkkRUq8nR3EX0wVowCgguJT
C+h6yWrgeFe1ffEvGuGTzbE=
=L8wu
-----END PGP SIGNATURE-----