Security Question

I am researching about security vulnerabilities in the Asterisk product.
I saw in Asterisk Project Security Advisory - AST-2013-002 ( … 13-002.pdf) that the value of the Content-Length is now capped at a maximum value of 1024 bytes.
Can I infer that any communication that I recieve with a content-length value over 1024 bytes will be malicious?


This relates to HTTP, not to VoIP, so you should already have firewalls limiting access to trusted local machines.

You can only assume that the author of the change felt that such long requests were unlikely to be genuine. They may or may not have correctly calculated the maximum possible length. It is most unlikely that it is exactly 1000 bytes.