httpd-bugs mailing list archives

Subject DO NOT REPLY [Bug 48204] extended patch CVE-2009-3555-2.2.patch handling request splicing in case of server initiated renegotiation
Date Mon, 16 Nov 2009 13:49:35 GMT

Joe Orton <> changed:

           What    |Removed                     |Added
             Status|NEW                         |RESOLVED
         Resolution|                            |WONTFIX

--- Comment #6 from Joe Orton <> 2009-11-16 05:49:33 UTC ---
1) I'm surprised that patch has any effect; if it does, surely it is due to
timing of the receipt of the app-data packets comprising the victim's request
by the server, which is under the control of the attacker?

2) I can't see how discarding data at this point is a good idea - if you
presume the connection is under active attack in that code path, the only sane
course of action is to log that and close the connection, right?  If you don't
presume the connection is under active attack then discarding bytes is going to
lead to some weird and wonderful failure modes.

I think it'd be better to discuss this on dev@httpd to get a wider audience. 
Could you start a thread there, maybe with some packet traces or similar to
outline how this would work?
