httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Slemko <>
Subject Re: [Fwd: Overflow in one of Apache 1.1.1 (maybe later too)'s modules]
Date Fri, 05 Sep 1997 16:40:24 GMT
On Fri, 5 Sep 1997, Ben Laurie wrote:

> Ooops. I think we'd better fix this (if still present in 1.2.4) before
> someone publishes the exploit.

AFAIK, there never could be an exploit for it.  That is one of 
several hundred bits of code that makes assumptions about how
big the headers being read can be; currently, those assumptions
are valid so it is impossible to read data large enough to overflow
the buffer.  

Regardless, I fixed it in 1.2bsomething.

  • Unnamed multipart/mixed (inline, None, 0 bytes)
View raw message