httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Behlendorf <br...@hyperreal.org>
Subject RE: [STATUS] (apache-1.3) Wed Jan 27 08:47:25 EST 1999
Date Wed, 27 Jan 1999 19:52:27 GMT
At 01:08 PM 1/27/99 -0600, Dietz, Phil E. wrote:
>>* Someone other than Dean has to do a security/correctness review on
>>    psprintf(), bprintf(), and ap_snprintf().  In particular these routines
>>      do lots of fun pointer manipulations and such and possibly have
>overflow
>>     errors.  The respective flush_funcs also need to be exercised.
>>      o Jim's looked over the ap_snprintf() stuff (the changes that Dean
>>        did to make thread-safe) and they look fine.
>>      o Laura La Gassa's looked over ap_vformatter & other related code
>>      o Martin did a "source review" as well.
>>      o Could still use 1 or 2 more sets of eyeballs.
>>    Status: Is this still valid??
>
>I will run apache 1.3.5 through Insure++.
>Insure++ is a compile time and a runtime memory monitor tool that can even
>check threaded apps.
>
>Can someone email instructions on pulling out the 1.3.5-dev version ?

Sure, there are a number of ways you can get it.  The easiest is to just
pull a snapshot down from <http://dev.apache.org/from-cvs/>.  You can also
access it via anoncvs, CVSup, or even rsync.  See http://dev.apache.org/
for more info.

	Brian



--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
History is made at night;                         brian@hyperreal.org
  character is what you are in the dark.

Mime
View raw message