This has no security impact since the browser cannot be tricked
into sending arbitrary method strings. [Jeff Trawick]
+ *) mod_ssl: Fix SSL client certificate extensions parsing bug. PR 44073.
+ [yl <yl bee-ware.net>]
+
*) mod_proxy_ajp: Use 64K as maximum AJP packet size. This is the maximum
length we can squeeze inside the AJP message packet.
[Mladen Turk]
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
- * mod_ssl: Correctly terminate string in SSL client certificate extensions
- parsing by ensuring that it always has a \0 at the end.
- PR: 44073
- Trunk version of patch:
- Trunk changed in http://svn.apache.org/viewvc?view=rev&revision=289444
- in a way that IMHO is not backportable (due to the changes done in
- mod_ssl.h).
- Backport version for 2.2.x of patch:
- http://people.apache.org/~rpluem/patches/foreign_patches/44073_2.2.x.diff
- +1: rpluem, jorton, trawick
- jorton: s/pstrndup/pstrmemdup/ would be better but it works either way
-
PATCHES PROPOSED TO BACKPORT FROM TRUNK:
[ New proposals should be added at the end of the list ]
BIO_get_mem_ptr(bio, &buf);
- *new = apr_pstrdup(r->pool, buf->data);
+ *new = apr_pstrmemdup(r->pool, buf->data, buf->length);
}
BIO_vfree(bio);
projects / thirdparty / apache / httpd.git / commitdiff
