public inbox for ecos-bugs@sourceware.org
* [Bug 1000375] ATHTTPD security endless loop in invalid-Authorization parse
@ 2007-06-15 20:31 bugzilla-daemon
From: bugzilla-daemon @ 2007-06-15 20:31 UTC (permalink / raw)
To: ecos-bugs
https://bugzilla.ecoscentric.com/show_bug.cgi?id=1000375
bugzilla_rmvthis@ds3switch.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEEDINFO |MODIFIED
------- Additional Comments From bugzilla_rmvthis@ds3switch.com 2007-06-15 21:31 -------
I think Anthony's fix is good. This is too old for me to remember. My fix was just a ++p, but I think his while...++p is more robust.
--
Configure bugmail: https://bugzilla.ecoscentric.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.
* [Bug 1000375] ATHTTPD security endless loop in invalid-Authorization parse
@ 2007-06-12 21:15 bugzilla-daemon
From: bugzilla-daemon @ 2007-06-12 21:15 UTC (permalink / raw)
To: ecos-bugs
https://bugzilla.ecoscentric.com/show_bug.cgi?id=1000375
andrew.lunn@ascom.ch changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |NEEDINFO
------- Additional Comments From andrew.lunn@ascom.ch 2007-06-12 22:15 -------
Changed status to NEEDINFO to make it clear we are waiting on Tad for input.
* [Bug 1000375] ATHTTPD security endless loop in invalid-Authorization parse
@ 2007-06-12 21:07 bugzilla-daemon
From: bugzilla-daemon @ 2007-06-12 21:07 UTC (permalink / raw)
To: ecos-bugs
https://bugzilla.ecoscentric.com/show_bug.cgi?id=1000375
andrew.lunn@ascom.ch changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |andrew.lunn@ascom.ch
Component|Other |ATHTTPD webserver
* [Bug 1000375] ATHTTPD security endless loop in invalid-Authorization parse
@ 2007-06-12 15:37 bugzilla-daemon
From: bugzilla-daemon @ 2007-06-12 15:37 UTC (permalink / raw)
To: ecos-bugs
https://bugzilla.ecoscentric.com/show_bug.cgi?id=1000375
------- Additional Comments From atonizzo@gmail.com 2007-06-12 16:37 -------
If I understand correctly, the proposed change would be this:
else if (strncasecmp(p, "uri=", 4) == 0)
p = cyg_httpd_digest_skip(p+4);
+ else
+ while ((*p != '\r') && (*p != '\n') && (*p != ' '))
+ p++
}
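Review bot: the skip loop in the new else branch tests only for '\r', '\n' and ' ', so if the header is a NUL-terminated string that ends without any of those three characters, p runs past the terminator; adding `(*p != '\0')` to the condition bounds it. The `p++` line is also missing its semicolon and will not compile as posted. Separately, when p already points at a space, CR or LF on entry to this branch, the loop advances nothing, so the enclosing parse loop has to step over that character itself or the parser can still fail to make progress on the same input.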
This would discard any unrecognized token all the way to the first
line terminators or blank space. Would this fix the problem?