httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joe Orton <jor...@redhat.com>
Subject Re: handling request splicing in case of server initiated renegotiation CVE-2009-3555
Date Wed, 16 Dec 2009 16:01:36 GMT
On Sun, Dec 13, 2009 at 06:59:37PM +0100, Ruediger Pluem wrote:
> On 26.11.2009 22:06, Ruediger Pluem wrote:
> > On 11/19/2009 04:58 PM, Joe Orton wrote:
> >> Yes, I agree, this seems very sensible, I can't see any problem with 
> >> this.  
> >>
> >> I would prefer to do it in a slightly more general way as below, which 
> >> would catch the case where any other module's connection filter had 
> >> buffered the data, and adds appropriate logging.
> >>
> >> (more general but which required half a day tracking down an obscure bug 
> >> in the BIO/filters, also fixed below...)
> >>
> >> Testing on this version very welcome!
> > 
> > Anything that prevents this from committing?
> 
> Ping, Joe?

Sorry - trying to keep too many plates spinning at the moment:

Done in http://svn.apache.org/viewvc?view=revision&revision=891282

Regards, Joe

Mime
View raw message