httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joe Orton <jor...@redhat.com>
Subject Re: svn commit: r661666 - in /httpd/httpd/trunk: CHANGES modules/proxy/mod_proxy_balancer.c
Date Fri, 06 Jun 2008 14:47:15 GMT
On Sat, May 31, 2008 at 12:00:55AM +0200, Ruediger Pluem wrote:
> On 05/30/2008 01:49 PM, jorton@apache.org wrote:
>> URL: http://svn.apache.org/viewvc?rev=661666&view=rev
>> Log:
>> Prevent CSRF attacks against the balancer-manager (CVE-2007-6420)
...
>> @@ -619,6 +622,27 @@
>>      }
>>  }
>>  +/* post_config hook: */
>> +static int balancer_init(apr_pool_t *p, apr_pool_t *plog,
>> +                         apr_pool_t *ptemp, server_rec *s)
>> +{
...
>> +
>> +    apr_uuid_get(&balancer_nonce);
>
> Why don't we do apr_uuid_format already here and store the string directly?

Sorry I didn't get to this sooner!  No reason at all - I've changed the 
code as you suggested in r663967; thanks for the review.  (Since this is 
not performance critical code I think the 2.2.x backport is fine as-is)

joe

Mime
View raw message