> From: Cliff Woolley [mailto:[EMAIL PROTECTED]] > > On Mon, 10 Jun 2002, Ryan Bloom wrote: > > > Please make sure that your code is up to date, because the server is > > supposed to have logic that protects us from getting into an infinite > > loop. > > Paul, I notice the line numbers in your back trace don't quite match up > with mine... is this HEAD? Or are there local mods? > > > Wait a sec, the problem could be the ErrorDocument path. The test suite > > doesn't exercise that path......... Will report back soon. > > Ah. Well I'll wait for Ryan to check that then.
I've tried everything I can think of to make this fail. It refuses to fail for me. Please make sure that your code is up to date, and let me know what version of the SSL libraries you are using. For completeness, here are my test cases: 1) Run the test suite (this tests http://localhost:8350 where 8350 is the SSL port). Also requested a page through telnet and Konqueror. 2) Add a plain text ErrorDocument for 400 requests. Request a page 3) Copy the HTTP_BAD_REQUEST.html.var files and the config to my test server, request a page. All three scenarios work for me on Linux. There is a problem in the 3rd case, which looks to be from a non-terminated string (bad, but not a buffer overflow, we just forgot to add a \0). I'll fix that quickly. Paul or Allen, can either of you provide more details? There really is logic in the server to stop the ap_die calls from being recursive, so this bug really surprises me. Ryan
