dgaudet 98/04/15 11:29:26
Modified: . STATUS
Log:
someone else needs to do this.
Revision Changes Path
1.297 +5 -10 apache-1.3/STATUS
Index: STATUS
===================================================================
RCS file: /export/home/cvs/apache-1.3/STATUS,v
retrieving revision 1.296
retrieving revision 1.297
diff -u -r1.296 -r1.297
--- STATUS 1998/04/15 17:50:22 1.296
+++ STATUS 1998/04/15 18:29:25 1.297
@@ -195,6 +195,11 @@
* proxy security fixes from 1.2.5 need to be brought forward
+ * Someone other than Dean has to do a security/correctness review on
+ psprintf(), bprintf(), and ap_snprintf(). In particular these routines
+ do lots of fun pointer manipulations and such and possibly have overflow
+ errors. The respective flush_funcs also need to be exercised.
+
Needs patch:
* Documentation for:
@@ -285,16 +290,6 @@
Randy: I would also argue that 1.3b6 is _not_ stable. I've been
having real fits keeping it alive on a dual processor
machine. Could be OS problems..
-
- * vformatter TODO:
- - double check logic in ap_vformatter(), and especially psprintf()
- - add in and use the inaddr formatting codes that started the whole
- debate last october
- - ... so that we can finally start fixing all the log messages that
- were previously log_reason(), which included the client address,
- but now using aplog_error() they're without the client address, and
- that sucks
- - bump mmn and make it official (wanna make sure the api is right first)
Win32 specific issues:
Modified: . STATUS
Log:
someone else needs to do this.
Revision Changes Path
1.297 +5 -10 apache-1.3/STATUS
Index: STATUS
===================================================================
RCS file: /export/home/cvs/apache-1.3/STATUS,v
retrieving revision 1.296
retrieving revision 1.297
diff -u -r1.296 -r1.297
--- STATUS 1998/04/15 17:50:22 1.296
+++ STATUS 1998/04/15 18:29:25 1.297
@@ -195,6 +195,11 @@
* proxy security fixes from 1.2.5 need to be brought forward
+ * Someone other than Dean has to do a security/correctness review on
+ psprintf(), bprintf(), and ap_snprintf(). In particular these routines
+ do lots of fun pointer manipulations and such and possibly have overflow
+ errors. The respective flush_funcs also need to be exercised.
+
Needs patch:
* Documentation for:
@@ -285,16 +290,6 @@
Randy: I would also argue that 1.3b6 is _not_ stable. I've been
having real fits keeping it alive on a dual processor
machine. Could be OS problems..
-
- * vformatter TODO:
- - double check logic in ap_vformatter(), and especially psprintf()
- - add in and use the inaddr formatting codes that started the whole
- debate last october
- - ... so that we can finally start fixing all the log messages that
- were previously log_reason(), which included the client address,
- but now using aplog_error() they're without the client address, and
- that sucks
- - bump mmn and make it official (wanna make sure the api is right first)
Win32 specific issues: