On Tue, Jun 13, 2017 at 11:55 PM, Rashmi Srinivasan
wrote:
> However making a single change as bellow, got the Unsafe option to work.
I think that is wrong for the rest of the merge function.
--
Eric Covener
cove...@gmail.com
Thanks Eric, Please ignore my previous message.
http://svn.apache.org/viewvc?view=revision=1783440
Porting from above, httpprotocoloptions works as expected.
Thanks,
Rashmi
On Wed, Jun 14, 2017 at 9:25 AM, Rashmi Srinivasan <
rashmisrinivasan2...@gmail.com> wrote:
> Thanks for your response
Thanks for your response Eric.
Porting the changes from http://svn.apache.org/
viewvc?view=revision=1783440 also didn't help.
However making a single change as bellow, got the Unsafe option to work.
conf = (core_server_config *)apr_pmemdup(p, virt, sizeof(core_server_config));
to
conf =
http://svn.apache.org/viewvc?view=revision=1783440
On Tue, Jun 13, 2017 at 2:19 PM, Rashmi Srinivasan
wrote:
> Hi Yann/Eric.
> -We have ported the changes for CVE -2016-8743. into apache 2.2 on
> HP-UX
>But while testing we find that
Hi Yann/Eric.
-We have ported the changes for CVE -2016-8743. into apache 2.2 on
HP-UX
But while testing we find that HTTPProtocolOption Unsafe tested
with GET /HTTP 1.0/\n\n responds with BAD Request, when it is suppose to
succeed.
However after making changes as