You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Jeff Trawick <tr...@gmail.com> on 2005/09/10 15:22:59 UTC
Re: svn commit: r239377 - /httpd/httpd/branches/2.0.x/STATUS
On 8/23/05, jorton@apache.org <jo...@apache.org> wrote:
> Author: jorton
> Date: Tue Aug 23 01:24:52 2005
> New Revision: 239377
>
> URL: http://svn.apache.org/viewcvs?rev=239377&view=rev
> Log:
> Propose backport of pcre fix.
>
> Modified:
> httpd/httpd/branches/2.0.x/STATUS
>
> Modified: httpd/httpd/branches/2.0.x/STATUS
> URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.0.x/STATUS?rev=239377&r1=239376&r2=239377&view=diff
> ==============================================================================
> --- httpd/httpd/branches/2.0.x/STATUS (original)
> +++ httpd/httpd/branches/2.0.x/STATUS Tue Aug 23 01:24:52 2005
> @@ -216,6 +216,12 @@
> [ please place SVN revisions from trunk here, so it is easy to
> identify exactly what the proposed changes are! ]
>
> + *) Fix CAN-2005-2491, integer overflow in pcre.
> + http://svn.apache.org/viewcvs?rev=233493&view=rev
> + rediff for 2.0: http://people.apache.org/~jorton/CAN-2005-2491.patch
> + test case: perl-framework/t/security/CAN-2005-2491.t
> + +1: jorton
BTW, what should I expect to get when I run the 2491.t-type test?
with 2.0.54 and a test extracted from the perl-framework, I see
RewriteRule: cannot compile regular expression 'a{111111111111111111}'
or
RewriteRule: cannot compile regular expression 'a{1,11111111111111111111}'
on Linux/x86. Is my testing hosed (i.e., should I expect it to segfault)?
Re: svn commit: r239377 - /httpd/httpd/branches/2.0.x/STATUS
Posted by Jeff Trawick <tr...@gmail.com>.
On 9/12/05, Joe Orton <jo...@redhat.com> wrote:
> On Sat, Sep 10, 2005 at 09:22:59AM -0400, Jeff Trawick wrote:
> > On 8/23/05, jorton@apache.org <jo...@apache.org> wrote:
> > > + *) Fix CAN-2005-2491, integer overflow in pcre.
> > > + http://svn.apache.org/viewcvs?rev=233493&view=rev
> > > + rediff for 2.0: http://people.apache.org/~jorton/CAN-2005-2491.patch
> > > + test case: perl-framework/t/security/CAN-2005-2491.t
> > > + +1: jorton
> >
> > BTW, what should I expect to get when I run the 2491.t-type test?
>
> With 2.0.54 you should get either a pass or a segfault depending on the
> direction of the wind (unfortunately); if you enable malloc checking in
> libc it is very likely to segfault - "export MALLOC_CHECK_=2" for glibc.
[notice] child pid 3416 exit signal Aborted (6)
(thanks ;) )
Re: svn commit: r239377 - /httpd/httpd/branches/2.0.x/STATUS
Posted by Joe Orton <jo...@redhat.com>.
On Sat, Sep 10, 2005 at 09:22:59AM -0400, Jeff Trawick wrote:
> On 8/23/05, jorton@apache.org <jo...@apache.org> wrote:
> > + *) Fix CAN-2005-2491, integer overflow in pcre.
> > + http://svn.apache.org/viewcvs?rev=233493&view=rev
> > + rediff for 2.0: http://people.apache.org/~jorton/CAN-2005-2491.patch
> > + test case: perl-framework/t/security/CAN-2005-2491.t
> > + +1: jorton
>
> BTW, what should I expect to get when I run the 2491.t-type test?
With 2.0.54 you should get either a pass or a segfault depending on the
direction of the wind (unfortunately); if you enable malloc checking in
libc it is very likely to segfault - "export MALLOC_CHECK_=2" for glibc.
joe