httpd-dev mailing list archives

From Joe Orton <jor...@redhat.com>
Subject Re: svn commit: r917867 - in /httpd/httpd/branches/2.2.x: CHANGES STATUS server/protocol.c
Date Wed, 03 Mar 2010 10:10:47 GMT
On Tue, Mar 02, 2010 at 04:01:29AM -0000, William Rowe wrote:
> Author: wrowe
> Date: Tue Mar  2 04:01:29 2010
> New Revision: 917867
> 
> URL: http://svn.apache.org/viewvc?rev=917867&view=rev
> Log:
> Ensure each subrequest has a shallow copy of headers_in so that the
> parent request headers are not corrupted.  Eliminates a problematic
> optimization in the case of no request body.  
> 
> PR: 48359 
> Submitted by: Jake Scott, wrowe, rpluem
> Backports: server/protocol.c r901578
> Reviewed by: minfrin

There is some discussion on the PR (and previously on security@) about 
the potential security impact to this - the argument being that in a 
threaded server, memory re-use could lead to an information leak of 
request/response data from another thread.

This seems like a borderline case, but we should assign a CVE name - 
Mark, can you assign one?

Regards, Joe
