Re: svn commit: r1799375 - /httpd/httpd/trunk/server/util.c

On Mon, Jun 26, 2017 at 3:14 PM, Jacob Champion wrote: > On 06/20/2017 11:08 PM, William A Rowe Jr wrote: >> >> Sorry but I reraise my objection and veto worthless cpu cycles. > > For posterity, can I get a succinct description of your technical > justification for this

Re: svn commit: r1799375 - /httpd/httpd/trunk/server/util.c

On 06/20/2017 11:08 PM, William A Rowe Jr wrote: Sorry but I reraise my objection and veto worthless cpu cycles. Hi Bill, For posterity, can I get a succinct description of your technical justification for this veto? --Jacob

Re: svn commit: r1799375 - /httpd/httpd/trunk/server/util.c

Reverted while the veto is in effect. On 06/20/2017 11:08 PM, William A Rowe Jr wrote: Sorry but I reraise my objection and veto worthless cpu cycles. Yep, but it's public now, which was my goal. Background for the uninitiated: CVE-2017-7668 is a buffer overrun caused by Bill's patch in the

Re: svn commit: r1799375 - /httpd/httpd/trunk/server/util.c

On Wed, Jun 21, 2017 at 1:08 AM, William A Rowe Jr wrote: > > But there were only two questionable values for \0, and in this case the > answer is obvious. Invert the rule to a TOKEN char from the rather dubious > TOKEN_STOP definition. Solved. ... for trunk, IMO. I don't

Re: svn commit: r1799375 - /httpd/httpd/trunk/server/util.c

Sorry but I reraise my objection and veto worthless cpu cycles. The correct fix to your concern is to document all expected behavior of the null but in gen_test_char.c - and in such tests a /* !c && */ notation is fine. Due to the way we assemble the code, I'm not convinced it that any compiler