On Sat, May 7, 2011 at 7:08 AM, Rainer Jung <rainer.j...@kippdata.de> wrote: > On 07.05.2011 11:57, William A. Rowe Jr. wrote: >> >> On 5/7/2011 12:20 AM, Ruediger Pluem wrote: >>> >>> >>> On 05/06/2011 03:14 PM, cove...@apache.org wrote: >>>> >>>> Author: covener >>>> Date: Fri May 6 13:14:27 2011 >>>> New Revision: 1100200 >>>> >>>> URL: http://svn.apache.org/viewvc?rev=1100200&view=rev >>>> Log: >>>> Merge r820760, r919323, r937858, r938265 from trunk: >>>> >>>> Reviewed By: sf, trawick, covener >> >>>> Modified: httpd/httpd/branches/2.2.x/server/protocol.c >>>> URL: >>>> http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/server/protocol.c?rev=1100200&r1=1100199&r2=1100200&view=diff >>>> >>>> ============================================================================== >>>> --- httpd/httpd/branches/2.2.x/server/protocol.c (original) >>>> +++ httpd/httpd/branches/2.2.x/server/protocol.c Fri May 6 13:14:27 >>>> 2011 >>>> @@ -608,6 +608,9 @@ static int read_request_line(request_rec >>>> r->proto_num = HTTP_VERSION(1,0); >>>> r->protocol = apr_pstrdup(r->pool, "HTTP/1.0"); >>>> } >>>> + else if (rv == APR_TIMEUP) { >> >>>> @@ -691,7 +694,12 @@ AP_DECLARE(void) ap_get_mime_headers_cor >>>> &len, r, 0, bb); >>>> >>>> if (rv != APR_SUCCESS) { >>>> - r->status = HTTP_BAD_REQUEST; >>>> + if (rv == APR_TIMEUP) { >>> >>> As mentioned previously APR_STATUS_IS_TIMEUP should be used instead. >>> Didn't we have a security issue on Windows and Netware because of this? >> >> Absolutely; +1 to expedite this patch; with a third +1 I'll commit. >> >> Bill > > +1 to change from comparison with APR_TIMEUP to APR_STATUS_IS_TIMEUP in both > places in protocol.c. Note this applies to trunk and 2.2. > > Two more recent APR_TIMEUP additions are in trunk, Ruediger commented on > them Re r1092076 on APril 23rd. I'd say they should be fixed as well. > > Regards, > > Rainer >
third +1 and will backport and link to this thread. -- Eric Covener cove...@gmail.com
