httpd-dev mailing list archives

From (Rodent of Unusual Size)
Subject Re: [STATUS] Thu May 1 15:22:06 PDT 1997
Date Sun, 04 May 1997 18:41:38 GMT
From the fingers of Dean Gaudet flowed the following:
>Agenda for 1.2b11-dev
>Patches available:
>  * Ken's [PATCH] PR#501: mod_status doesn't escape printed URLs
>    [Dean would like to see us write a general "escape ascii text" function
>    so that it could be used by mod_status, mod_info, mod_dir, etc. rather
>    than fix this one bug at a time.]

    make_html_safe() submitted (though possible candidate for performance
    improvement).  No patch to actually *use* it submitted yet.

>Should be added to the bugdb:
>  * [BUG]: "mod_dld problem: variable in httpd_config.c counted wrong" on Irix
>    <> and
>    <>
>    Dirk says he's got something to fix it that needs some work.

    Added; PR#540.

>  * <IMG SRC="a CGI"> crates [sic] zombies on FreeBSDLinux
>    (see <>
>    for the details; I'm not going to try to decode 'em)  Reporter
>    says hackers have told it the cause lies in an error in the loop
>    structure in alloc.c's fork()/signal()/wait() handling
>    (no PR#, 1.1.1/1.2.something (?), 23/2/1997, <>)
>      - Marc said it *might* be related to the kindercide issue

    Added; PR#541.

>  * Solaris "accept: Too many levels of remote in path" [marc]
>    <>

    Added; PR#542.

>  * [BUG?] /cgi-bin/foo/bar%2fbaz
>    unescape_url in util.c is forbidding %2f in PATH_INFO.
>    The problem is that we use the %2f check to avoid security problems
>    with stupid scripts.  Roy thinks the best solution would be to
>    decode all %2f's before doing any processing on the path, and thus
>    reduce %2f.. to /.. before doing the path checks.  This makes it
>    impossible to have a filename containing slash, but no big deal.

    Added; PR#543.

>  * "Large groups cause authentication errors" on FreeBSD
>      []; problem looks to be MAX_STRING_LEN buffer
>      in groups_for_user.

    Not added, couldn't find any references to the problem.

    #ken    :-)}
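
The ordering issue behind the %2f item above (PR#543), as an added example that is not part of the original message and is not Apache's code: the same constructed path is accepted when the ".." check runs on the raw string, and rejected when escapes are decoded before the check. All function names here are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helpers for illustration; not Apache's unescape_url(). */
static int hexval(int c)
{
    if (isdigit(c)) return c - '0';
    c = tolower(c);
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Decode %XX in place; -1 on a malformed escape or an encoded NUL. */
int decode_path(char *s)
{
    char *out = s;
    while (*s) {
        if (*s != '%') { *out++ = *s++; continue; }
        int hi = hexval((unsigned char)s[1]);
        int lo = hi < 0 ? -1 : hexval((unsigned char)s[2]);
        if (hi < 0 || lo < 0 || (hi == 0 && lo == 0)) return -1;
        *out++ = (char)(hi * 16 + lo);
        s += 3;
    }
    *out = '\0';
    return 0;
}

/* 1 if any '/'-delimited segment of p is exactly "..". */
int has_dotdot(const char *p)
{
    while (*p) {
        size_t n = strcspn(p, "/");
        if (n == 2 && p[0] == '.' && p[1] == '.') return 1;
        p += n + (p[n] == '/');
    }
    return 0;
}

/* Decode first, then check (the order proposed in the item). 1 = accept. */
int ok_decode_first(char *buf) { return decode_path(buf) == 0 && !has_dotdot(buf); }

/* Check the raw path, then decode: the check never sees the decoded "..". */
int ok_check_first(char *buf) { return !has_dotdot(buf) && decode_path(buf) == 0; }

int main(void)
{
    char a[] = "/cgi-bin/foo/bar%2f..%2fbaz", b[] = "/cgi-bin/foo/bar%2f..%2fbaz"; /* constructed */
    printf("check-first: %d -> %s\n", ok_check_first(a), a);
    printf("decode-first: %d\n", ok_decode_first(b));
    return 0;
}
```

With decode-first, `/cgi-bin/foo/bar%2fbaz` is still accepted but reaches later processing as `/cgi-bin/foo/bar/baz`, which is the "no filename containing a slash" trade-off the item mentions.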
