httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Yann Ylavic <ylavic....@gmail.com>
Subject Re: svn commit: r1714742 - /httpd/httpd/branches/2.4.x/STATUS
Date Wed, 18 Nov 2015 17:21:41 GMT
On Tue, Nov 17, 2015 at 3:50 PM, Yann Ylavic <ylavic.dev@gmail.com> wrote:
> On Tue, Nov 17, 2015 at 10:48 AM,  <icing@apache.org> wrote:
>>
>> Modified: httpd/httpd/branches/2.4.x/STATUS
>> URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/STATUS?rev=1714742&r1=1714741&r2=1714742&view=diff
>> ==============================================================================
>> --- httpd/httpd/branches/2.4.x/STATUS (original)
>> +++ httpd/httpd/branches/2.4.x/STATUS Tue Nov 17 09:48:54 2015
>> @@ -161,6 +161,7 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK:
>>       2.4.x patch: http://people.apache.org/~ylavic/httpd-2.4.x-check_pipeline_blank_lines.patch
>>                    (trunk works, meant to ease review)
>>       +1: ylavic, minfrin
>> +     icing: test 3 fails for me in t/security/CVE-2005-3357.t
>
> I can't reproduce this (with 2.4.x and this patch only)...

Finally got it.

The problem was about "HTTP spoken on HTTPS port" handling in
ssl_io_filter_input() not prepared to AP_MODE_INIT from
process_connection() and AP_MODE_SPECULATIVE read for H2Direct.

I fixed it in r1715023 by extending the NON_SSL_* state machine,
please review...

Mime
View raw message