Re: [PATCH] http.c security

2006-10-26 Thread Vincent CHAVANIS
@kannel.org Sent: Wednesday, October 25, 2006 10:06 PM Subject: [PATCH] http.c security Hi All, please find attached security bug fix for http.c. We have issue when we use keep alive connections with our connection pool. Just imagine such scenario without a patch: 1) http_start_request(..., ssl=0

Re: [PATCH] http.c security

2006-10-26 Thread Alexander Malysh
Hi again, patch comitted to cvs. Am 25.10.2006, 22:06 Uhr, schrieb Alexander Malysh [EMAIL PROTECTED]: Hi All, please find attached security bug fix for http.c. We have issue when we use keep alive connections with our connection pool. Just imagine such scenario without a patch: 1)

[PATCH] http.c security

2006-10-25 Thread Alexander Malysh
Hi All, please find attached security bug fix for http.c. We have issue when we use keep alive connections with our connection pool. Just imagine such scenario without a patch: 1) http_start_request(..., ssl=0,certkeyfile=NULL,our_host=NULL) 2) http_start_request(...,

Re: [PATCH] http.c security

2006-10-25 Thread Enver ALTIN
On Wed, 2006-10-25 at 22:06 +0200, Alexander Malysh wrote: please find attached security bug fix for http.c. We have issue when we use keep alive connections with our connection pool. Just imagine such scenario without a patch: 1) http_start_request(...,

Re: [PATCH] http.c security

2006-10-25 Thread Stipe Tolj
Alexander Malysh wrote: Hi All, please find attached security bug fix for http.c. We have issue when we use keep alive connections with our connection pool. Just imagine such scenario without a patch: 1) http_start_request(..., ssl=0,certkeyfile=NULL,our_host=NULL) 2)

Re: [PATCH] http.c security

2006-10-25 Thread Stipe Tolj
Enver ALTIN wrote: On Wed, 2006-10-25 at 22:06 +0200, Alexander Malysh wrote: please find attached security bug fix for http.c. We have issue when we use keep alive connections with our connection pool. Just imagine such scenario without a patch: 1) http_start_request(...,

Re: [PATCH] http.c security

2006-10-25 Thread Enver ALTIN
On Thu, 2006-10-26 at 02:54 +0200, Stipe Tolj wrote: Enver ALTIN wrote: On Wed, 2006-10-25 at 22:06 +0200, Alexander Malysh wrote: please find attached security bug fix for http.c. We have issue when we use keep alive connections with our connection pool. Just imagine such scenario

Re: [PATCH] http.c security

2006-10-25 Thread Mi Reflejo
yap definitively +1 for me. M On 10/26/06, Enver ALTIN [EMAIL PROTECTED] wrote: On Thu, 2006-10-26 at 02:54 +0200, Stipe Tolj wrote: Enver ALTIN wrote: On Wed, 2006-10-25 at 22:06 +0200, Alexander Malysh wrote: please find attached security bug fix for http.c. We have issue when we