httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ben Laurie <>
Subject Re: [PATCH] fix to assert bugosity
Date Sun, 29 Jun 1997 06:26:15 GMT
Marc Slemko wrote:
> I would prefer an ap_assert instead on the basis that it is best to avoid
> messing with system defines if you don't have to, but that's just me...
> Hmm.  Why do we have to include assert.h to begin with?
> Oh, something else I noticed about this change... unless I am missing
> something, it is BOGUS.  Bad.  Bad.  It appears like some of the code (eg.
> http_bprintf.c) relies on an assert to abort the program flow in certain
> cases.  The new one does not terminate.  That opens possible security
> holes.  I do not think that assert() should be replaced by anything which
> doens't terminate the request, and perhaps even the process.  It is
> dangerous to change the semantics of such a call.

Whoops. That was not intentional.



Ben Laurie                Phone: +44 (181) 994 6435  Email:
Freelance Consultant and  Fax:   +44 (181) 994 6472
Technical Director        URL:
A.L. Digital Ltd,         Apache Group member (
London, England.          Apache-SSL author

View raw message