Hi Jeff, I just post a note here so that you don't miss a comment I made in a reply (dev@) to commit r1640036.
Thanks, Yann. On Sun, Nov 16, 2014 at 11:43 PM, Yann Ylavic <[email protected]> wrote: > On Sun, Nov 16, 2014 at 10:06 PM, Yann Ylavic <[email protected]> wrote: >> On Sat, Nov 15, 2014 at 1:57 PM, Jeff Trawick <[email protected]> wrote: >>> >>> I was looking at the diffs for 2.4 and noticed some vestigial code from the >>> first revision; please check the attached patch to see if you agree with >>> some additional removals. >> >> Agreed, I should have reverted the patch and restarted from scratch. >> To ease review now, I'd better revert the whole and re-commit once for >> both *fcgi modules, and propose this one for the CVE. > > Done in r1640034 (revert), and r1640036/r1640037 (commit/proposal). > >> >>> Also, my understanding is that >>> >>> * some of the code in your first revision of both modules catches potential >>> errors that should have been caught before, so that's an additional issue >>> that could be mentioned in CHANGES. >> >> You are talking about the loop-breakage after the switch() which now >> catches inner errors (not reverted by your patch), right? >> I'll propose this change separately (from the CVE commit) then. > > Done in r1640040+r1640042 (commits), and r1640045 (proposal). > > Thanks again for the review.
