httpd-dev mailing list archives

From Yann Ylavic <ylavic....@gmail.com>
Subject Re: svn commit: r1639814 - /httpd/httpd/trunk/modules/aaa/mod_authnz_fcgi.c
Date Mon, 17 Nov 2014 16:15:18 GMT
Hi Jeff,

I'm just posting a note here so that you don't miss a comment I made in a
reply (dev@) to commit r1640036.

Thanks,
Yann.


On Sun, Nov 16, 2014 at 11:43 PM, Yann Ylavic <ylavic.dev@gmail.com> wrote:
> On Sun, Nov 16, 2014 at 10:06 PM, Yann Ylavic <ylavic.dev@gmail.com> wrote:
>> On Sat, Nov 15, 2014 at 1:57 PM, Jeff Trawick <trawick@gmail.com> wrote:
>>>
>>> I was looking at the diffs for 2.4 and noticed some vestigial code from the
>>> first revision; please check the attached patch to see if you agree with
>>> some additional removals.
>>
>> Agreed, I should have reverted the patch and restarted from scratch.
>> To ease review now, I'd better revert the whole and re-commit once for
>> both *fcgi modules, and propose this one for the CVE.
>
> Done in r1640034 (revert), and r1640036/r1640037 (commit/proposal).
>
>>
>>> Also, my understanding is that
>>>
>>> * some of the code in your first revision of both modules catches potential
>>> errors that should have been caught before, so that's an additional issue
>>> that could be mentioned in CHANGES.
>>
>> You are talking about the loop-breakage after the switch() which now
>> catches inner errors (not reverted by your patch), right?
>> I'll propose this change separately (from the CVE commit) then.
>
> Done in r1640040+r1640042 (commits), and r1640045 (proposal).
>
> Thanks again for the review.
