httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Greg Stein <gst...@lyra.org>
Subject Re: FW: zlib vulnerability
Date Thu, 14 Mar 2002 01:50:41 GMT
On Tue, Mar 12, 2002 at 12:14:14AM -0800, Justin Erenkrantz wrote:
> On Mon, Mar 11, 2002 at 08:28:11PM -0500, Jeff Trawick wrote:
> > "Ryan Bloom" <rbb@covalent.net> writes:
> > 
> > > We should probably do something about this, but I'm not sure what.
> > 
> > I thought the zlib vulnerability was in the decompress path.
> > mod_deflate doesn't decompress.
> 
> Yup.  Adler mentioned here on-list that there was a memory leak
> when using the decompression routines.  I'm wondering if that has
> something to do with this vulnerability.  
> 
> But, yes, I'd say mod_deflate wouldn't be affected unless/until
> we add input-filtering support.  (I think SVN might like this
> at some point.)  -- justin

Yessir!

It would help whenever a new file is added. Regular commits, though, are
sent as small patches, so the to-server direction is usually pretty light,
bandwidth-wise.

Cheers,
-g

-- 
Greg Stein, http://www.lyra.org/

Mime
View raw message