httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eric Covener <cove...@gmail.com>
Subject Fwd: [Bug 57204] New: LuaAuthzProvider mixes up parsed require arguments when used multiple times
Date Thu, 20 Nov 2014 00:16:14 GMT
CVE worthy?

(sent to dev@ since it's mild and already discussed publically)


---------- Forwarded message ----------
From:  <bugzilla@apache.org>
Date: Wed, Nov 12, 2014 at 9:52 AM
Subject: [Bug 57204] New: LuaAuthzProvider mixes up parsed require
arguments when used multiple times
To: bugs@httpd.apache.org


https://issues.apache.org/bugzilla/show_bug.cgi?id=57204

            Bug ID: 57204
           Summary: LuaAuthzProvider mixes up parsed require arguments
                    when used multiple times
           Product: Apache httpd-2
           Version: 2.4.10
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_lua
          Assignee: bugs@httpd.apache.org
          Reporter: covener@gmail.com

as reported in comments section of the manual anonymously, it looks like the
lua-specific hash used to store the parameters gets mixed up if you define 1
provider but use it with multiple require arguments.


original:

http://httpd.apache.org/docs/trunk/mod/mod_lua.html#comment_3245

--
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org



-- 
Eric Covener
covener@gmail.com

Mime
View raw message