We're currently shipping Apache 1.3.20 (yeah, I know we're a little behind) for OpenVMS and need to generate a patch (new image) for our customers to fix the problem described in CAN-2002-0392. Shipping them 1.3.26 is not an option in the near term, so we're trying to determine the minimum change necessary to fix the problem.
I believe that the fix is contained in http_protocol.c, cvs versions 1.317 through 1.319 (assuming a standard implementation of strtol function). Can someone confirm this? Rick Barry Hewlett Packard Company Compaq Secure Web Server Project Team 110 Spit Brook Road OpenVMS System Software Group Nashua, NH 03062 Business Critical Server Group (603) 884-0634