http://svn.apache.org/viewvc?view=revision&revision=1783440
On Tue, Jun 13, 2017 at 2:19 PM, Rashmi Srinivasan
<rashmisrinivasan2007@xxxxxxxxx> wrote:
> Hi Yann/Eric.
> - We have ported the changes for CVE -2016-8743. into apache 2.2 on
> HP-UX
> But while testing we find that HTTPProtocolOption Unsafe tested
> with GET /HTTP 1.0/\n\n responds with BAD Request, when it is suppose to
> succeed.
>
> However after making changes as mentioned in
> https://bz.apache.org/bugzilla/show_bug.cgi?id=60704, Unsafe
> option responds with a success.
>
> Is the below change valid for 2.2?
>
> in 2.2.32:
> static void *merge_core_server_configs(apr_pool_t *p, void *basev, void
> *virtv)
> {
> core_server_config *base = (core_server_config *)basev;
> core_server_config *virt = (core_server_config *)virtv;
> core_server_config *conf;
>
> conf = (core_server_config *)apr_pmemdup(p, base,
> sizeof(core_server_config));
>
> in 2.4.25:
> static void *merge_core_server_configs(apr_pool_t *p, void *basev, void
> *virtv)
> {
> core_server_config *base = (core_server_config *)basev;
> core_server_config *virt = (core_server_config *)virtv;
> core_server_config *conf = (core_server_config *)
> apr_pmemdup(p, base,
> sizeof(core_server_config));
>
>
> Please advise.
>
> Thanks
> Rashmi
--
Eric Covener
covener@xxxxxxxxx
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|