jean-frederic clere wrote:
William A. Rowe, Jr. wrote:
At 03:07 PM 6/17/2005, William A. Rowe, Jr. wrote:
-1 on Win32, caddr_t isn't sufficiently portable (fix committed).
Correction, -1 on all platforms.
jfclere just committed a significant patch to the T-E override
of the C-L passed to us, as part of the Watchfire vulnerability
fixes. It seems very irresponsible to release any flavor (alpha,
beta, nadda) with a known vuln, when we've committed a fix already.
I still need some more time to check POST with 2 different
content-lengths
HTTP_BAD_REQUEST for this one.
and GET with content-length.
I think that is not forbidden in the rfc...
But what about returning HTTP_BAD_REQUEST if Content-Length is not 0?
Also, possibly across platforms is a fault in ssl_engine_init,
where the host->protocol is still NULL, and we are trying to
strcmp it to 'https'. I spent part of my weekend trying to
grok what change has broken this, but strcmp to NULL is popping
a segfault. Not worthy of rejecting 2.1.5 on it's own, this is
still a minor irritation. FYI - mod_ssl was loaded without SSL
being defined, so no ssl host actually exists.
Bill