httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Kew <n...@webthing.com>
Subject Re: DO NOT REPLY [Bug 48359] Buffer overflow related to setting RequestHeader
Date Wed, 20 Jan 2010 21:47:47 GMT

On 20 Jan 2010, at 10:47, bugzilla@apache.org wrote:

> https://issues.apache.org/bugzilla/show_bug.cgi?id=48359
> 
> --- Comment #7 from Ruediger Pluem <rpluem@apache.org> 2010-01-20 03:47:50 CET
---
> (In reply to comment #6)
>> It's a RFC - if your comment represents a +1, I'm happy to revert and commit
>> a patch based on his proposal - I was looking for a sanity check from the
>> other committers who had reviewed the original fix.
> 
> Yes, this a +1.

-1 for anything that's a candidate for backport to 2.2.
Unless someone can convince me otherwise.

This raises an issue of what exactly is a subrequest.  It's a mix of the
parent request and separate (new) fields, and request headers come
from the parent. There are probably modules that rely on this (without
risking the bug we're dealing with), and they'll break if we change it.

Using r->pool is IMHO the lesser of two evils.

-- 
Nick Kew

Mime
View raw message