On Sat, May 7, 2011 at 7:08 AM, Rainer Jung <rainer.j...@kippdata.de> wrote:
> On 07.05.2011 11:57, William A. Rowe Jr. wrote:
>>
>> On 5/7/2011 12:20 AM, Ruediger Pluem wrote:
>>>
>>>
>>> On 05/06/2011 03:14 PM, cove...@apache.org wrote:
>>>>
>>>> Author: covener
>>>> Date: Fri May  6 13:14:27 2011
>>>> New Revision: 1100200
>>>>
>>>> URL: http://svn.apache.org/viewvc?rev=1100200&view=rev
>>>> Log:
>>>> Merge r820760, r919323, r937858, r938265 from trunk:
>>>>
>>>> Reviewed By: sf, trawick, covener
>>
>>>> Modified: httpd/httpd/branches/2.2.x/server/protocol.c
>>>> URL:
>>>> http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/server/protocol.c?rev=1100200&r1=1100199&r2=1100200&view=diff
>>>>
>>>> ==============================================================================
>>>> --- httpd/httpd/branches/2.2.x/server/protocol.c (original)
>>>> +++ httpd/httpd/branches/2.2.x/server/protocol.c Fri May  6 13:14:27
>>>> 2011
>>>> @@ -608,6 +608,9 @@ static int read_request_line(request_rec
>>>>                  r->proto_num = HTTP_VERSION(1,0);
>>>>                  r->protocol  = apr_pstrdup(r->pool, "HTTP/1.0");
>>>>              }
>>>> +            else if (rv == APR_TIMEUP) {
>>
>>>> @@ -691,7 +694,12 @@ AP_DECLARE(void) ap_get_mime_headers_cor
>>>>                           &len, r, 0, bb);
>>>>
>>>>          if (rv != APR_SUCCESS) {
>>>> -            r->status = HTTP_BAD_REQUEST;
>>>> +            if (rv == APR_TIMEUP) {
>>>
>>> As mentioned previously APR_STATUS_IS_TIMEUP should be used instead.
>>> Didn't we have a security issue on Windows and Netware because of this?
>>
>> Absolutely; +1 to expedite this patch; with a third +1 I'll commit.
>>
>> Bill
>
> +1 to change from comparison with APR_TIMEUP to APR_STATUS_IS_TIMEUP in both
> places in protocol.c. Note this applies to trunk and 2.2.
>
> Two more recent APR_TIMEUP additions are in trunk, Ruediger commented on
> them Re r1092076 on APril 23rd. I'd say they should be fixed as well.
>
> Regards,
>
> Rainer
>

third +1 and will backport and link to this thread.

-- 
Eric Covener
cove...@gmail.com

Reply via email to