httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Plüm, Rüdiger, VF-Group" <ruediger.pl...@vodafone.com>
Subject RE: handling request splicing in case of server initiated renegotiation CVE-2009-3555
Date Wed, 16 Dec 2009 16:20:43 GMT
 

> -----Original Message-----
> From: Joe Orton [mailto:jorton@redhat.com] 
> Sent: Mittwoch, 16. Dezember 2009 17:02
> To: dev@httpd.apache.org
> Subject: Re: handling request splicing in case of server 
> initiated renegotiation CVE-2009-3555
> 
> On Sun, Dec 13, 2009 at 06:59:37PM +0100, Ruediger Pluem wrote:
> > On 26.11.2009 22:06, Ruediger Pluem wrote:
> > > On 11/19/2009 04:58 PM, Joe Orton wrote:
> > >> Yes, I agree, this seems very sensible, I can't see any 
> problem with 
> > >> this.  
> > >>
> > >> I would prefer to do it in a slightly more general way 
> as below, which 
> > >> would catch the case where any other module's connection 
> filter had 
> > >> buffered the data, and adds appropriate logging.
> > >>
> > >> (more general but which required half a day tracking 
> down an obscure bug 
> > >> in the BIO/filters, also fixed below...)
> > >>
> > >> Testing on this version very welcome!
> > > 
> > > Anything that prevents this from committing?
> > 
> > Ping, Joe?
> 
> Sorry - trying to keep too many plates spinning at the moment:
> 
> Done in http://svn.apache.org/viewvc?view=revision&revision=891282
> 

Thanks Joe.

Regards

Rüdiger

Mime
View raw message