httpd-dev mailing list archives

From Joe Schaefer <joe_schae...@yahoo.com>
Subject Re: svn commit: r1161661 - /httpd/httpd/trunk/modules/http/byterange_filter.c
Date Thu, 25 Aug 2011 21:14:05 GMT
My criticism has to do with your implementation.
There's no point in fixing exploitable code with
a differently exploitable implementation.  Just
buffer things in an internal array and merge the
string once at the end of the loop, and *not* as
you iterate over the elements of the range header.




>________________________________
>From: Jim Jagielski <jim@jaguNET.com>
>To: dev@httpd.apache.org
>Sent: Thursday, August 25, 2011 5:10 PM
>Subject: Re: svn commit: r1161661 - /httpd/httpd/trunk/modules/http/byterange_filter.c
>
>
>On Aug 25, 2011, at 5:02 PM, Joe Schaefer wrote:
>
>> +1, also has the advantage of not being a quadratic
>> allocator the way Jim's usage of apr_pstrcat is.
>> 
>
>So what, exactly, will ap_set_byterange() do…? It was
>my impression that it created our r->range entry...
>
>
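The allocation pattern Joe Schaefer describes, as an added example that is not code from this thread or from httpd: a toy bump arena (an assumption standing in for an APR pool) counts the bytes consumed when the merged string is rebuilt for every element versus built once from a buffered array. All names here (`pool_alloc`, `merge_per_iteration`, `merge_once`, `pool_cost`) and the piece `0-0,` are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define POOL_CAP (4u << 20)  /* toy 4 MiB bump arena standing in for an APR pool */
struct pool { char *base; size_t used; };  /* nothing is freed before teardown */
static void *pool_alloc(struct pool *p, size_t n) {
    if (n > POOL_CAP - p->used) abort();
    return p->base + (p->used += n) - n;
}

/* Pattern criticised in the thread: rebuild the merged string per element. */
static char *merge_per_iteration(struct pool *p, const char **parts, size_t n) {
    char *out = memcpy(pool_alloc(p, 1), "", 1);
    for (size_t i = 0; i < n; i++) {
        size_t old = strlen(out), add = strlen(parts[i]);
        char *next = pool_alloc(p, old + add + 1);  /* re-copies all prior output */
        memcpy(next, out, old);
        memcpy(next + old, parts[i], add + 1);
        out = next;
    }
    return out;
}

/* Suggested pattern: keep the pieces in an array, size once, copy once. */
static char *merge_once(struct pool *p, const char **parts, size_t n) {
    size_t total = 0;
    for (size_t i = 0; i < n; i++) total += strlen(parts[i]);
    char *out = pool_alloc(p, total + 1), *w = out;
    for (size_t i = 0; i < n; i++) { size_t l = strlen(parts[i]); memcpy(w, parts[i], l); w += l; }
    *w = '\0';
    return out;
}

/* Arena bytes consumed merging n copies of the constructed piece "0-0,". */
static size_t pool_cost(int once, size_t n) {
    struct pool p = { malloc(POOL_CAP), 0 };
    const char **parts = malloc((n + 1) * sizeof *parts);
    if (!p.base || !parts) abort();
    for (size_t i = 0; i < n; i++) parts[i] = "0-0,";
    char *s = once ? merge_once(&p, parts, n) : merge_per_iteration(&p, parts, n);
    size_t cost = strlen(s) == 4 * n ? p.used : 0;  /* 0 would mean a bad merge */
    free(p.base); free(parts);
    return cost;
}

int main(void) {
    printf("per-iteration: %zu bytes, merge-once: %zu bytes\n", pool_cost(0, 1000), pool_cost(1, 1000));
    return 0;
}
```

With 1000 four-byte pieces the per-iteration variant consumes about 2 MB of arena for a 4 KB result, and the gap grows with the square of the element count.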