-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Le 19/09/2014 17:30, Daniel Lowrey a écrit :
> In an effort to fix a very old (seven years old) DoS vulnerability > involving encrypted streams I created a regression where feof() > notifications on encrypted sockets are broken. This is present in > both the most recent 5.4.33 and 5.5.17 releases. Can you please point us to the related commit... (which one cause the regression, which ones are useful) I saw Aug 7th Bug #41631: Observe socket read timeouts in SSL streams http://git.php.net/?p=php-src.git;a=commitdiff;h=6569db88081562f68a4f79e52cba83482bdf05fc Sep 9th Bug #67965: Fix blocking behavior in non-blocking crypto streams http://git.php.net/?p=php-src.git;a=commitdiff;h=f86b2193a483f56b0bd056570a0cdb57ebe66e2f Sep 9th Bug #41631: Fix regression from first attempt (6569db8) http://git.php.net/?p=php-src.git;a=commitdiff;h=372844918a318ad712e16f9ec636682424a65403 Does a revert of the first enough to get back to previous behavior ? Thanks, Remi -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlQcUtEACgkQYUppBSnxahj/JACfYlWbaXrhgyzjyGNz0yMvxv0U +GkAnRLWVtTwkS22aLqZyipO0dDxEGW8 =v2OH -----END PGP SIGNATURE----- -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
