httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Randy Terbush <ra...@zyzzyva.com>
Subject Re: Might as well be a CERT warning.
Date Sat, 11 Jan 1997 19:39:20 GMT

I'm assuming it is in read_request_line(). HUGE_STRING_LEN.


> Anyone tracked down the exact location of the extra long url problem?
> 
> On Sat, 11 Jan 1997, Randy Terbush wrote:
> 
> > > Randy Terbush wrote:
> > > > 
> > > > 
> > > > Looks like we have concensus to roll a 1.1.2 release with this patch
> > > > applied. Shall I?  I raise the concern about all the other overflow
> > > > problems that are being addressed in 1.2. Seems this could be used
> > > > as a catalist to get these people to move to 1.2 instead of a 1.1.2.
> > > > 
> > > > *shrug*
> > > 
> > > In my view, we _must_ release a 1.1.2 which addresses the problem, though
> > > it doesn't have to be that patch, of course. We can't have a server in the
> > > wild with a known security hole.
> > > 
> > > Cheers,
> > > 
> > > Ben.
> > > 
> > 
> > *sigh*, But as the "Extra Long URL" email that just came in shows,
> > there are a bunch of other problems.
> > 
> > Do we create a patched version backporting the changes that Marc Slemko
> > is working on, or offer 1.2 as the fix?
> > 
> > 
> > 




Mime
View raw message