On 07.05.2011 11:57, William A. Rowe Jr. wrote:
On 5/7/2011 12:20 AM, Ruediger Pluem wrote:


On 05/06/2011 03:14 PM, cove...@apache.org wrote:
Author: covener
Date: Fri May  6 13:14:27 2011
New Revision: 1100200

URL: http://svn.apache.org/viewvc?rev=1100200&view=rev
Log:
Merge r820760, r919323, r937858, r938265 from trunk:

Reviewed By: sf, trawick, covener

Modified: httpd/httpd/branches/2.2.x/server/protocol.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/server/protocol.c?rev=1100200&r1=1100199&r2=1100200&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/server/protocol.c (original)
+++ httpd/httpd/branches/2.2.x/server/protocol.c Fri May  6 13:14:27 2011
@@ -608,6 +608,9 @@ static int read_request_line(request_rec
                  r->proto_num = HTTP_VERSION(1,0);
                  r->protocol  = apr_pstrdup(r->pool, "HTTP/1.0");
              }
+            else if (rv == APR_TIMEUP) {
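
Review bot: the added `else if (rv == APR_TIMEUP)` in read_request_line tests the status by direct equality; use `APR_STATUS_IS_TIMEUP(rv)` so that a timeout reported under a platform-specific status code is still recognised. The body of the branch is cut off in this quote, so whatever it sets for the timeout case is skipped whenever the equality test misses.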

@@ -691,7 +694,12 @@ AP_DECLARE(void) ap_get_mime_headers_cor
                           &len, r, 0, bb);

          if (rv != APR_SUCCESS) {
-            r->status = HTTP_BAD_REQUEST;
+            if (rv == APR_TIMEUP) {
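
Review bot: the new `if (rv == APR_TIMEUP)` inside the `if (rv != APR_SUCCESS)` block uses the same direct equality test and should read `if (APR_STATUS_IS_TIMEUP(rv))`. Because it replaces the unconditional `r->status = HTTP_BAD_REQUEST;`, also confirm that every non-timeout failure still ends up with HTTP_BAD_REQUEST; the rest of the added lines are not visible here.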

As mentioned previously APR_STATUS_IS_TIMEUP should be used instead.
Didn't we have a security issue on Windows and Netware because of this?

Absolutely; +1 to expedite this patch; with a third +1 I'll commit.

Bill

+1 to change from comparison with APR_TIMEUP to APR_STATUS_IS_TIMEUP in both places in protocol.c. Note this applies to trunk and 2.2.

Two more recent APR_TIMEUP additions are in trunk; Ruediger commented on them Re r1092076 on April 23rd. I'd say they should be fixed as well.

Regards,

Rainer
