Hi there, in addition to the posted patches, which fix the problem documented, I'd like to suggest the following measures to make sure that buffer overflows don't happen in other parts of the daemon either. Please comment. 1. define HUGE_STRING_LEN and MAX_STRING_LEN to a value of 4000 each (file httpd.h) 2. have getline() read only 1000 characters instead of HUGE_STRING_LEN (file http_request.c: getline(l,HUGE_STRING_LEN/4,in,timeout) instead of getline(l,HUGE_STRING_LEN,in,timeout)) This should at first sight pretty much eliminate the problem. It isn't at all good style, but it should do until an official patch is ready. Does anyone see any problems with this? Greetings, -Thomas -- Thomas Lopatic lopatic@informatik.uni-muenchen.de