Return-Path: Delivered-To: apmail-httpd-dev-archive@www.apache.org Received: (qmail 71135 invoked from network); 28 Dec 2010 14:56:46 -0000 Received: from unknown (HELO mail.apache.org) (140.211.11.3) by 140.211.11.9 with SMTP; 28 Dec 2010 14:56:46 -0000 Received: (qmail 75197 invoked by uid 500); 28 Dec 2010 14:56:45 -0000 Delivered-To: apmail-httpd-dev-archive@httpd.apache.org Received: (qmail 74848 invoked by uid 500); 28 Dec 2010 14:56:45 -0000 Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list dev@httpd.apache.org Received: (qmail 74836 invoked by uid 99); 28 Dec 2010 14:56:44 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 28 Dec 2010 14:56:44 +0000 X-ASF-Spam-Status: No, hits=-2.3 required=10.0 tests=RCVD_IN_DNSWL_MED,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: local policy) Received: from [188.40.99.202] (HELO eru.sfritsch.de) (188.40.99.202) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 28 Dec 2010 14:56:37 +0000 Received: from [10.1.1.6] (helo=k.localnet) by eru.sfritsch.de with esmtp (Exim 4.69) (envelope-from ) id 1PXayG-0006Te-D6; Tue, 28 Dec 2010 15:56:16 +0100 From: Stefan Fritsch To: dev@httpd.apache.org Subject: Re: [PATCH] mod_cgi: Mitigating some header injections by dropping invalid headers? Date: Tue, 28 Dec 2010 15:56:15 +0100 User-Agent: KMail/1.13.5 (Linux/2.6.32-5-amd64; KDE/4.4.5; x86_64; ; ) Cc: "Malte S. Stretz" References: <201010121630.19406.mss@apache.org> <201011222325.07456@msquadrat.de> <201012081517.04520@msquadrat.de> In-Reply-To: <201012081517.04520@msquadrat.de> MIME-Version: 1.0 Content-Type: Text/Plain; charset="iso-8859-6" Content-Transfer-Encoding: 7bit Message-Id: <201012281556.16090.sf@sfritsch.de> On Wednesday 08 December 2010, Malte S. Stretz wrote: > Hmm, no reply yet, are there any objections/comments/questions > about the patches? If not, anybody with enough karma to > commit? Just asking :) I have commited the variant without separate config directive as r1053357, r1053363, r1053365. Thank you very much for your patch and your patience.