Comment #26 on issue 192 by [email protected]: Crash when sending
specially crafted packet
http://code.google.com/p/memcached/issues/detail?id=192
@dorma.....
The patch I attached is for this bug, not for a new or another bug. I just
believe it is a better solution.
I have a small description of what this patch does, and why it is the
correct solution to the problem, in the bug preamble and in my comment.
I do not understand why you are saying that there is no test case. The
test case reported at the top of this page, when this bug was reported:
echo -en '\x80\x12\x00\x01\x08\x00\x00\x00\xff\xff\xff\xe8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x01\x00\x00\x00\x00\x00\x00\x00\x00\x000\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' | nc localhost 11211
Also the perl script in sidhpurwala.huzaifa's memcached-Fix-crash.txt file
is a test case.
I'll repeat again: Almost all of the security patches I've seen
submitted have been awful. They either change a harmless crash
into an actual segmentation fault, are pointless cargo-culted
changes, or simply lack tests.
It is the project members' responsibility to check and accept or reject patches.
I just posted a patch here because I was asked by a customer for this. He
was worried because in many cases, crackers do not need direct access to
a server to crack it.
I still believe that my patch is a correct solution.
The tests are not always enough; project developers should always examine
the code.
You can easily examine the code I am changing and decide if what I am
claiming is correct or not.
In any case, accepting or rejecting a patch is the project developers' responsibility.
Regards,
chtsanti