At 09:49 PM 6/20/2002, Jim Jagielski wrote:
Cliff Woolley wrote:
On Thu, 20 Jun 2002, Roy T. Fielding wrote:
This patch should be sufficient to fix the security hole for most
versions of Apache httpd 1.2. Should we put it up on dist/httpd?
What about the proxy?
Not really a
William A. Rowe, Jr. wrote:
What about the proxy?
Not really a problem with 1.2, or other non HTTP/1.1 proxies I think :)
Not a problem, IIRC, until we introduced 1.3.24 with the HTTP/1.1 proxy.
As far as I remember, proxy uses the existing chunking functions in
http_protocol.c to
This patch should be sufficient to fix the security hole for most
versions of Apache httpd 1.2. Should we put it up on dist/httpd?
It turns out that this small patch is sufficient to plug the hole
on all 1.2 and 1.3.* versions up until 1.3.24 if mod_proxy is in use.
I have placed it in the
This patch should be sufficient to fix the security hole for most
versions of Apache httpd 1.2. Should we put it up on dist/httpd?
Roy
--- apache-1.2/src/http_protocol.c Thu Jan 4 01:21:10 2001
+++ apache-1.2/src/patched_http_protocol.c Thu Jun 20 18:13:04 2002
-1535,6
On Thu, 20 Jun 2002, Roy T. Fielding wrote:
This patch should be sufficient to fix the security hole for most
versions of Apache httpd 1.2. Should we put it up on dist/httpd?
What about the proxy?
--Cliff
Cliff Woolley wrote:
On Thu, 20 Jun 2002, Roy T. Fielding wrote:
This patch should be sufficient to fix the security hole for most
versions of Apache httpd 1.2. Should we put it up on dist/httpd?
What about the proxy?
Not really a problem with 1.2, or other non HTTP/1.1 proxies I