Return-Path: Delivered-To: new-httpd-archive@hyperreal.org Received: (qmail 29489 invoked by uid 6000); 27 Jan 1999 20:16:54 -0000 Received: (qmail 29479 invoked by uid 24); 27 Jan 1999 20:16:53 -0000 Message-Id: <4.1.19990127115012.03651e90@hyperreal.org> X-Sender: brian@hyperreal.org X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1 Date: Wed, 27 Jan 1999 11:52:27 -0800 To: new-httpd@apache.org From: Brian Behlendorf Subject: RE: [STATUS] (apache-1.3) Wed Jan 27 08:47:25 EST 1999 In-Reply-To: <1F06E140313CD211936F00104B648D5091451C@WTCEX-W06BDCMB> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: new-httpd-owner@apache.org Precedence: bulk Reply-To: new-httpd@apache.org At 01:08 PM 1/27/99 -0600, Dietz, Phil E. wrote: >>* Someone other than Dean has to do a security/correctness review on >> psprintf(), bprintf(), and ap_snprintf(). In particular these routines >> do lots of fun pointer manipulations and such and possibly have >overflow >> errors. The respective flush_funcs also need to be exercised. >> o Jim's looked over the ap_snprintf() stuff (the changes that Dean >> did to make thread-safe) and they look fine. >> o Laura La Gassa's looked over ap_vformatter & other related code >> o Martin did a "source review" as well. >> o Could still use 1 or 2 more sets of eyeballs. >> Status: Is this still valid?? > >I will run apache 1.3.5 through Insure++. >Insure++ is a compile time and a runtime memory monitor tool that can even >check threaded apps. > >Can someone email instructions on pulling out the 1.3.5-dev version ? Sure, there are a number of ways you can get it. The easiest is to just pull a snapshot down from . You can also access it via anoncvs, CVSup, or even rsync. See http://dev.apache.org/ for more info. Brian --=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-- History is made at night; brian@hyperreal.org character is what you are in the dark.