> -----Original Message----- > From: Joe Orton [mailto:[email protected]] > Sent: Mittwoch, 16. Dezember 2009 17:02 > To: [email protected] > Subject: Re: handling request splicing in case of server > initiated renegotiation CVE-2009-3555 > > On Sun, Dec 13, 2009 at 06:59:37PM +0100, Ruediger Pluem wrote: > > On 26.11.2009 22:06, Ruediger Pluem wrote: > > > On 11/19/2009 04:58 PM, Joe Orton wrote: > > >> Yes, I agree, this seems very sensible, I can't see any > problem with > > >> this. > > >> > > >> I would prefer to do it in a slightly more general way > as below, which > > >> would catch the case where any other module's connection > filter had > > >> buffered the data, and adds appropriate logging. > > >> > > >> (more general but which required half a day tracking > down an obscure bug > > >> in the BIO/filters, also fixed below...) > > >> > > >> Testing on this version very welcome! > > > > > > Anything that prevents this from committing? > > > > Ping, Joe? > > Sorry - trying to keep too many plates spinning at the moment: > > Done in http://svn.apache.org/viewvc?view=revision&revision=891282 >
Thanks Joe. Regards Rüdiger
