You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2009/11/16 13:33:39 UTC
DO NOT REPLY [Bug 48204] extended patch CVE-2009-3555-2.2.patch
handling request splicing in case of server initiated renegotiation
https://issues.apache.org/bugzilla/show_bug.cgi?id=48204
--- Comment #1 from Eric Covener <co...@gmail.com> 2009-11-16 04:33:39 UTC ---
> A simple countermeasure is to reset the buffer 'cbuf' of the decrypted data
> in case of a server initiated renegotiation. See the following patch of the
> method 'bio_filter_in_read(..) in ssl_engine_io.c
How does this not discard a legitimate clients request line?
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org