Hi Jim,
On Thu, Jul 05, 2012 at 01:49:25PM +0200, Jim Meyering wrote:
This is my first httpd patch/report.
If you'd prefer that it go to a BZ or a different list, just let me know.
This is fine!
I found this by inspection: it appears that line[-1] (the heap) can be
corrupted. Is it
Joe Orton wrote:
Hi Jim,
On Thu, Jul 05, 2012 at 01:49:25PM +0200, Jim Meyering wrote:
This is my first httpd patch/report.
If you'd prefer that it go to a BZ or a different list, just let me know.
This is fine!
I found this by inspection: it appears that line[-1] (the heap) can be
...@redhat.com
Date: Thu, 7 Jun 2012 22:48:15 +0200
Subject: [PATCH] don't corrupt heap upon empty response from OCSP server
* modules/ssl/ssl_util_ocsp.c (get_line): Don't set line[-1] to 0
when len == 0.
---
modules/ssl/ssl_util_ocsp.c | 8 +++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff
