httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jim Jagielski <...@jaguNET.com>
Subject Re: svn commit: r661666 - in /httpd/httpd/trunk: CHANGES modules/proxy/mod_proxy_balancer.c
Date Fri, 06 Jun 2008 16:31:51 GMT

On Jun 6, 2008, at 10:47 AM, Joe Orton wrote:

> On Sat, May 31, 2008 at 12:00:55AM +0200, Ruediger Pluem wrote:
>> On 05/30/2008 01:49 PM, jorton@apache.org wrote:
>>> URL: http://svn.apache.org/viewvc?rev=661666&view=rev
>>> Log:
>>> Prevent CSRF attacks against the balancer-manager (CVE-2007-6420)
> ...
>>> @@ -619,6 +622,27 @@
>>>     }
>>> }
>>> +/* post_config hook: */
>>> +static int balancer_init(apr_pool_t *p, apr_pool_t *plog,
>>> +                         apr_pool_t *ptemp, server_rec *s)
>>> +{
> ...
>>> +
>>> +    apr_uuid_get(&balancer_nonce);
>>
>> Why don't we do apr_uuid_format already here and store the string  
>> directly?
>
> Sorry I didn't get to this sooner!  No reason at all - I've changed  
> the
> code as you suggested in r663967; thanks for the review.  (Since  
> this is
> not performance critical code I think the 2.2.x backport is fine as- 
> is)
>

I'll propose after some testing, so if we have time before
the T&R, we could possibly get it in.


Mime
View raw message