httpd-bugs mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 48204] extended patch CVE-2009-3555-2.2.patch handling request splicing in case of server initiated renegotiation
Date Mon, 16 Nov 2009 13:49:35 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=48204

Joe Orton <jorton@redhat.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |WONTFIX

--- Comment #6 from Joe Orton <jorton@redhat.com> 2009-11-16 05:49:33 UTC ---
1) I'm surprised that patch has any effect; if it does, surely it is due to
timing of the receipt of the app-data packets comprising the victim's request
by the server, which is under the control of the attacker?

2) I can't see how discarding data at this point is a good idea - if you
presume the connection is under active attack in that code path, the only sane
course of action is to log that and close the connection, right?  If you don't
presume the connection is under active attack then discarding bytes is going to
cause some weird and wonderful failure modes.

I think it'd be better to discuss this on dev@httpd to get a wider audience. 
Could you start a thread there, maybe with some packet traces or similar to
outline how this would work?
