You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Steve Hay <st...@googlemail.com> on 2022/09/29 11:15:44 UTC
Re: [RESULT: PASS] Re: [VOTE] Release libapreq2-2.17
On Thu, 25 Aug 2022 at 09:58, Joe Orton <jo...@redhat.com> wrote:
>
> Thanks for testing. The release is approved:
>
> PMC votes: +1 from ylavic, jfclere, jorton
>
> I will promote the release and announce it.
>
Thanks for this release. I didn't get round to uploading it to CPAN
yet, but a bug report has come in for it anyway:
https://rt.cpan.org/Public/Bug/Display.html?id=144470
Re: [RESULT: PASS] [VOTE] Release libapreq2-2.17
Posted by Ed Sabol <ed...@gmail.com>.
On Oct 12, 2022, at 9:47 AM, Yann Ylavic <yl...@gmail.com> wrote:
>
> On Thu, Sep 29, 2022 at 1:16 PM Steve Hay <st...@googlemail.com> wrote:
>>
>> On Thu, 25 Aug 2022 at 09:58, Joe Orton <jo...@redhat.com> wrote:
>>>
>>> Thanks for testing. The release is approved:
>>>
>>> PMC votes: +1 from ylavic, jfclere, jorton
>>>
>>> I will promote the release and announce it.
>>>
>>
>> Thanks for this release. I didn't get round to uploading it to CPAN
>> yet, but a bug report has come in for it anyway:
>>
>> https://rt.cpan.org/Public/Bug/Display.html?id=144470
>
> Do we have an example of a payload/upload which does not pass apreq's
> multipart parsing in 2.17?
I think the reporter is saying any zero-length file will trigger the hang? Have you tried testing multipart uploads with one of the uploads being a zero-length file, Yann?
I've looked over the diffs between 2.16 and 2.17. I noticed that several loops in consume_header_line() in library/parser_header.c have changed from
while (nlen > 0) { ... }
to
do { ... } while (nlen > 0);
(including glen and other variants) and the following lines were removed:
if (nlen == 0)
return APR_EBADARG;
With little familiarity with the code, I naively wonder if either or both of those might be the cause since the nlen == 0 case may not be handled now?
Of course, I would really expect the problem to be in library/parser_multipart.c, and there are lots of changes there but nothing that caught my eye as someone unfamiliar with the code.
Thanks,
Ed
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@perl.apache.org
For additional commands, e-mail: dev-help@perl.apache.org
Re: [RESULT: PASS] Re: [VOTE] Release libapreq2-2.17
Posted by Yann Ylavic <yl...@gmail.com>.
On Thu, Sep 29, 2022 at 1:16 PM Steve Hay <st...@googlemail.com> wrote:
>
> On Thu, 25 Aug 2022 at 09:58, Joe Orton <jo...@redhat.com> wrote:
> >
> > Thanks for testing. The release is approved:
> >
> > PMC votes: +1 from ylavic, jfclere, jorton
> >
> > I will promote the release and announce it.
> >
>
> Thanks for this release. I didn't get round to uploading it to CPAN
> yet, but a bug report has come in for it anyway:
>
> https://rt.cpan.org/Public/Bug/Display.html?id=144470
Do we have an example of a payload/upload which does not pass apreq's
multipart parsing in 2.17?
Regards;
Yann.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@perl.apache.org
For additional commands, e-mail: dev-help@perl.apache.org
Re: [RESULT: PASS] Re: [VOTE] Release libapreq2-2.17
Posted by Yann Ylavic <yl...@gmail.com>.
On Thu, Sep 29, 2022 at 1:16 PM Steve Hay <st...@googlemail.com> wrote:
>
> On Thu, 25 Aug 2022 at 09:58, Joe Orton <jo...@redhat.com> wrote:
> >
> > Thanks for testing. The release is approved:
> >
> > PMC votes: +1 from ylavic, jfclere, jorton
> >
> > I will promote the release and announce it.
> >
>
> Thanks for this release. I didn't get round to uploading it to CPAN
> yet, but a bug report has come in for it anyway:
>
> https://rt.cpan.org/Public/Bug/Display.html?id=144470
Do we have an example of a payload/upload which does not pass apreq's
multipart parsing in 2.17?
Regards;
Yann.