RE: [PATCH] Potential buffer overflow attach in mod_jk

2001-09-27 Thread GOMEZ Henri
Bill Barker [mailto:[EMAIL PROTECTED]] >Sent: Thursday, September 27, 2001 2:42 AM >To: [EMAIL PROTECTED] >Subject: Re: [PATCH] Potential buffer overflow attach in mod_jk > > >Here's with jk_pool_strdup (against RC1, not HEAD). It looked >to me like >uw_map->p wasn'

RE: [PATCH] Potential buffer overflow attach in mod_jk

2001-09-26 Thread Keith Wannamaker
I was afraid of that... guess os memory allocation it is, then. Keith | It looked to me like | uw_map->p wasn't suitable for per-request allocations (i.e. it would just | eat memory until the server was re-started), and since this is in common, I | couldn't use ap_strdup since that breaks all no

Re: [PATCH] Potential buffer overflow attach in mod_jk

2001-09-26 Thread Bill Barker
non-Apache servers. - Original Message - From: "Keith Wannamaker" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, September 26, 2001 5:25 PM Subject: RE: [PATCH] Potential buffer overflow attach in mod_jk > Hi Bill, would you resubmit a patch that makes use of e

RE: [PATCH] Potential buffer overflow attach in mod_jk

2001-09-26 Thread Keith Wannamaker
lease do some testing. Thanks, Keith | -Original Message- | From: Bill Barker [mailto:[EMAIL PROTECTED]] | Sent: Wednesday, September 26, 2001 2:37 PM | To: [EMAIL PROTECTED] | Subject: Fw: [PATCH] Potential buffer overflow attach in mod_jk | | | Urm, let's try that again with a patch

Re: [PATCH] Potential buffer overflow attach in mod_jk

2001-09-26 Thread Andy Armstrong
+1 [EMAIL PROTECTED] wrote: > > On Wed, 26 Sep 2001, Ignacio J. Ortega wrote: > > > I think we need Bill Barker & Kin-Man Chung aboard already.. if we dont > > want to have more work that we already have integrating their patches.. > > > > Next can change subject and call this a vote about givi

RE: [PATCH] Potential buffer overflow attach in mod_jk

2001-09-26 Thread cmanolache
On Wed, 26 Sep 2001, Ignacio J. Ortega wrote: > I think we need Bill Barker & Kin-Man Chung aboard already.. if we dont > want to have more work that we already have integrating their patches.. > > Next can change subject and call this a vote about giving them committer > access ASAP :) +1 :-)

RE: [PATCH] Potential buffer overflow attach in mod_jk

2001-09-26 Thread Ignacio J. Ortega
-- > De: Bill Barker [mailto:[EMAIL PROTECTED]] > Enviado el: miƩrcoles 26 de septiembre de 2001 20:31 > Para: [EMAIL PROTECTED] > Asunto: [PATCH] Potential buffer overflow attach in mod_jk > > > While checking to see how mod_jk handled the ;jsessionid= in > the URL, I wa

Fw: [PATCH] Potential buffer overflow attach in mod_jk

2001-09-26 Thread Bill Barker
Urm, let's try that again with a patch that at least compiles.. - Original Message - From: "Bill Barker" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, September 26, 2001 11:30 AM Subject: [PATCH] Potential buffer overflow attach in mod_jk

[PATCH] Potential buffer overflow attach in mod_jk

2001-09-26 Thread Bill Barker
While checking to see how mod_jk handled the ;jsessionid= in the URL, I was horrified to see how easily it would be to take control of the server with a relatively small buffer overflow. I'm not really an Apache person, so I'm certain that this can be improved on. ** This message is intend