httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Cliff Woolley <>
Subject Re: chunked encoding bug fix (Apache 1.3)
Date Wed, 19 Jun 2002 15:19:40 GMT
On Wed, 19 Jun 2002, Dmitri wrote:

> The issue described in this advisory [CAN-2002-0392] is fixed in 1.3.26.
> However, I could find no bug associated with this issue in Apache Bugzilla.

Nobody ever submitted a bug report about it.  The bug database is not
meant to handle security issues, and it says so in big letters.  :-)

> I would like to know whether this change is documented somewhere outside
> CVS.

Not on any public channels, no.

> As far as I understand, the changes included backporting chunked
> encoding handling (http_protocol.c: 1.316 -> 1.317), and using
> ap_strtol() instead of strtol().  Is that all?  I need this because I
> would just like to apply this fix to my local apache source tree, which
> is version 1.3.20.

No, there's much more to it than that.  Several patches went in to several
files, including http_protocol.c and several files in the proxy, possibly
others.  Anyway, it's much safer just to upgrade to 1.3.26.


View raw message