Nicolas Lehuen wrote:
Hi Jim,
Until now, we suspected that the way global locks are handled could be
deadlock prone. You have just proved it.
I know that global locks are expensive on some systems, especially if
we want to use them in a multiprocess (forked) environment. That's why
we are
Yeah, we've got to be inline with the HTTP Project - prefork is the
default on unix systems, so we have to abide by it...
So I guess the solution is that we need to reserve two locks instead of
just one?
Grisha
On Thu, 23 Jun 2005, Jim Gallacher wrote:
Nicolas Lehuen wrote:
Hi Jim,
The attached patch resolved the issue I noted below,
10.4.6 405 Method Not Allowed
requires an Allow header (I would presume, even if empty),
while
10.5.2 501 Not Implemented states
This is the appropriate response when the server does not
recognize the request method and is not
[Again, this time w/ the attachement]
The attached patch resolved the issue I noted below,
10.4.6 405 Method Not Allowed requires an Allow header
(I would presume, even if empty, based on #() grammar),
while 10.5.2 501 Not Implemented states;
This is the appropriate response when the server
William A. Rowe, Jr. wrote:
++1 To Joe's comments.
Jeff's fix is technically right, but scares the nibbles out
of me. If, for example, an exploit is able to inject the
T-E on top of the legit C-L, I really suspect we should not
trust the origin server at all.
For origin servers (as opposed
At 02:34 AM 6/23/2005, jean-frederic clere wrote:
Once the patch applied we lose the information that the request was
incorrect.
That means we won't be able to choose in proxy between sending C-L (and
dechunk) and T-E.
s/request/response/
The point was, if one were to exploit the origin
I add an input filter with an ap_add_input_filter from an ap_hook_header_parser hook. My filter doesn't get called, i guess probably because we are too far in the request processing cycle. Sadly this filter needs perdirectoryconfig information that is not available within previous hooks. So shall
[ Ok, trying this again as a subscriber... I guess the list mods missed it:-/ ]
Hi, I've managed to tickle an obscure bug in Tcl's environment
introspection by launching a 'starpack' (self contained Tcl
executable+script) as a CGI. (*)
here is the relevant bit of strace:
4763
Sorry if i disturb you but i still don't manage to solve my problems. Is it possible to alter cookie in the header_parser hook?? I don't mean to alter the value of the apr_table of the apache server that contains cookie values i really mean changing cookies in the request so that some underling
On 6/23/05, jean-frederic clere [EMAIL PROTECTED] wrote:
William A. Rowe, Jr. wrote:
++1 To Joe's comments.
Jeff's fix is technically right, but scares the nibbles out
of me. If, for example, an exploit is able to inject the
T-E on top of the legit C-L, I really suspect we should not
Jeff Trawick wrote:
On 6/23/05, jean-frederic clere [EMAIL PROTECTED] wrote:
William A. Rowe, Jr. wrote:
++1 To Joe's comments.
Jeff's fix is technically right, but scares the nibbles out
of me. If, for example, an exploit is able to inject the
T-E on top of the legit C-L, I really suspect
On 6/23/05, jean-frederic clere [EMAIL PROTECTED] wrote:
Jeff Trawick wrote:
On 6/23/05, jean-frederic clere [EMAIL PROTECTED] wrote:
William A. Rowe, Jr. wrote:
++1 To Joe's comments.
Jeff's fix is technically right, but scares the nibbles out
of me. If, for example, an exploit is
At 05:45 AM 6/23/2005, Jeff Trawick wrote:
On 6/23/05, jean-frederic clere [EMAIL PROTECTED] wrote:
William A. Rowe, Jr. wrote:
++1 To Joe's comments.
Jeff's fix is technically right, but scares the nibbles out
of me. If, for example, an exploit is able to inject the
T-E on top of the
On 6/23/05, William A. Rowe, Jr. [EMAIL PROTECTED] wrote:
At 05:45 AM 6/23/2005, Jeff Trawick wrote:
On 6/23/05, jean-frederic clere [EMAIL PROTECTED] wrote:
William A. Rowe, Jr. wrote:
++1 To Joe's comments.
Jeff's fix is technically right, but scares the nibbles out
of me. If,
On Wednesday 22 June 2005 17:51, Joshua Slive wrote:
Note that http://httpd.apache.org/docs-2.0/developer/ is supposed to be
the canonical location for developer docs and links. Nick, could you
add a link to your site?
Done. Thanks for the suggestion.
I guess I didn't originally, because
Does anyone see a reason not to resurrect REQUEST_CHUNKED_PASS?
The 'TraceEnable extended' semantics include the entire body
handshaking for bodies 64kb (rejecting larger bodies as
memory hogs). The body = REQUEST_CHUNKED_PASS; line ensures
that the user sees the entire conversation.
This
The patch, in final form, tested and works for T-E with C-L body,
T-E with C-L body, C-L only, T-E only and no body. It correctly
denies proxy TRACE with a body by default, and will deny all TRACE
requests for 'TraceEnable off'.
Votes please, before I invest in patching 2.x?
A related
On 6/23/05, Jeff Trawick [EMAIL PROTECTED] wrote:
On 6/23/05, William A. Rowe, Jr. [EMAIL PROTECTED] wrote:
At 05:45 AM 6/23/2005, Jeff Trawick wrote:
On 6/23/05, jean-frederic clere [EMAIL PROTECTED] wrote:
William A. Rowe, Jr. wrote:
++1 To Joe's comments.
Jeff's fix is
I've attached patches for both trunk and 2.0.x. I was unable to
confirm that the trunk change drops the backend connection, probably
because of a basic user error when testing*. No issues verifying that
with 2.0 though.
*if the existing code earlier in the function to drop the backend
Hi
I am writing a module in which i am using my own configuration xml
file. I provide the functionality of dynamic configuration. user can
change the XML file and pass it as special request to my module to
update the configuration. It works fine for non prefork module, but
with the prefork MPM i
Index: server/protocol.c
===
--- server/protocol.c (revision 194460)
+++ server/protocol.c (working copy)
@@ -906,6 +906,7 @@
* ignored; so unset it here to prevent any confusion
* later. */
I think I just spotted a potential deadlock in psp.py.
def dbm_cache_store(srv, dbmfile, filename, mtime, val):
dbm_type = dbm_cache_type(dbmfile)
_apache._global_lock(srv, pspcache)
try:
dbm = dbm_type.open(dbmfile, 'c')
dbm[filename] = %d %s % (mtime,
One character fix to the verify password function to split the value
(pw hash:group:comment) field in the DBM by the same field separator
used when we stored it
(Separator fixed from semicolon to colon in revision 101946)
Index: support/htdbm.c
On 6/23/05, Eric Covener [EMAIL PROTECTED] wrote:
One character fix to the verify password function to split the value
(pw hash:group:comment) field in the DBM by the same field separator
used when we stored it
committed, thanks!
(An earlier patch I sent included changing htdbm to use apr_getopt --
this one retains the style of htdbm in the new parameter)
This patch adds support for creating combined AuthDBMUserFile /
AuthDMBGroupFile dbm files of the format:
key=username, value=encyryptedPass:group1,group2:ignored
On Jun 23, 2005, at 6:53 AM, William A. Rowe, Jr. wrote:
The patch, in final form, tested and works for T-E with C-L body,
T-E with C-L body, C-L only, T-E only and no body. It correctly
denies proxy TRACE with a body by default, and will deny all TRACE
requests for 'TraceEnable off'.
Votes
[ Please CC replies to me - thankyou! ]
Hi, I've managed to tickle an obscure bug in Tcl's environment
introspection by launching a 'starpack' (self contained Tcl
executable+script) as a CGI. (*)
here is the relevant bit of strace:
4763 execve(/usr/lib/cgi-bin/protect.cgi, [protect.cgi], [/*
Anybody had a chance to look at this yet?
I'm kind of suspicous of python_merge_config in mod_python.c. It gets
called once for every request, and calls apr_pcalloc which I assume
allocates some memory from the pool.
py_config *merged_conf =
(py_config *) apr_pcalloc(p,
28 matches
Mail list logo
