httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Aaron Bannert <aa...@clove.org>
Subject Re: CAN-2002-0392 : what about older versions of Apache?
Date Tue, 25 Jun 2002 03:09:25 GMT
On Mon, Jun 24, 2002 at 10:44:54PM -0400, Ben Hyde wrote:
> Let's put the patch back.  

I believe the patch is out there and has been out there since yesterday,
my mirror picked it up last night.

FWIW, as far as I can tell the patch fixes all potential sign-bit
overflows of the chunk-extention handling. Here's my +1

I think our best bet at this point would be to reevaluate all uses
of memcpy() and make sure that we aren't passing in any negative
offsets.

-aaron

Mime
View raw message