[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: FW: Apache httpd: vulnerability with chunked encoding
On Mon, Jun 17, 2002 at 09:18:52PM +0200, Dries Schellekens wrote:
> On Mon, 17 Jun 2002, Rawten List Access wrote:
> > ----------
> > From: Mark J Cox <email@example.com>
> > Date: Mon, 17 Jun 2002 18:21:15 +0100 (BST)
> > Subject: Apache httpd: vulnerability with chunked encoding
> This was fixed in -current by henning 2 hours ago
> - len_to_read = (r->remaining > bufsiz) ? bufsiz : r->remaining;
> + len_to_read = (r->remaining > (unsigned int)bufsiz) ? bufsiz : r->remaining;
This was a quick fix for the obvious exploit (and indeed fixed this one).
I had a better one in my tree, but then apache.org was faster ;-) The latter
is in now.