net/textproto: turn an ancient DoS BUG annotation into a comment

Actually fixing this "bug" would be weird, since io.LimitReader already does what we need, as demonstrated by net/http's use. Thanks to @davidfstr for pointing this out. Change-Id: If707bcc698d1666a369b39ddfa9770685fbe3879 Reviewed-on: https://go-review.googlesource.com/1579Reviewed-by: Rob Pike <r@golang.org>

net/textproto: turn an ancient DoS BUG annotation into a comment
Actually fixing this "bug" would be weird, since io.LimitReader already does what we need, as demonstrated by net/http's use. Thanks to @davidfstr for pointing this out. Change-Id: If707bcc698d1666a369b39ddfa9770685fbe3879 Reviewed-on: https://go-review.googlesource.com/1579Reviewed-by: Rob Pike <r@golang.org>
3185f862 · Brad Fitzpatrick · df1739c7 · 3185f862
Commit 3185f862 authored Dec 16, 2014 by Brad Fitzpatrick
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 4 deletions

reader.go src/net/textproto/reader.go +4 -4

No files found.
--- a/src/net/textproto/reader.go
+++ b/src/net/textproto/reader.go
@@ -13,10 +13,6 @@ import (
 	"strings"
 )

-// BUG(rsc): To let callers manage exposure to denial of service
-// attacks, Reader should allow them to set and reset a limit on
-// the number of bytes read from the connection.
-
 // A Reader implements convenience methods for reading requests
 // or responses from a text protocol network connection.
 type Reader struct {
@@ -26,6 +22,10 @@ type Reader struct {
 }

 // NewReader returns a new Reader reading from r.
+//
+// To avoid denial of service attacks, the provided bufio.Reader
+// should be reading from an io.LimitReader or similar Reader to bound
+// the size of responses.
 func NewReader(r *bufio.Reader) *Reader {
 	return &Reader{R: r}
 }