httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ben Laurie <...@gonzo.ben.algroup.co.uk>
Subject Re: [PATCH] fix to assert bugosity
Date Sun, 29 Jun 1997 06:26:15 GMT
Marc Slemko wrote:
> 
> I would prefer an ap_assert instead on the basis that it is best to avoid
> messing with system defines if you don't have to, but that's just me...
> 
> Hmm.  Why do we have to include assert.h to begin with?
> 
> Oh, something else I noticed about this change... unless I am missing
> something, it is BOGUS.  Bad.  Bad.  It appears like some of the code (eg.
> http_bprintf.c) relies on an assert to abort the program flow in certain
> cases.  The new one does not terminate.  That opens possible security
> holes.  I do not think that assert() should be replaced by anything which
> doens't terminate the request, and perhaps even the process.  It is
> dangerous to change the semantics of such a call.

Whoops. That was not intentional.

Cheers,

Ben.

-- 
Ben Laurie                Phone: +44 (181) 994 6435  Email: ben@algroup.co.uk
Freelance Consultant and  Fax:   +44 (181) 994 6472
Technical Director        URL: http://www.algroup.co.uk/Apache-SSL
A.L. Digital Ltd,         Apache Group member (http://www.apache.org)
London, England.          Apache-SSL author

Mime
View raw message