This has yes, 2 sides to it, range accept and then another issue with doc_size, but i believe this one patch addresses both, atleast, the advisory that kcope just showed me put me onto the correct patch... tested, same httpd after patches applied thru freebsd-update,it appied the patches for range... anyhow here it is again for anyone who wants to look at it...attached unified diff patch for the whole issue of 0- and doc_size , but i still think the framework is abit shaky :s anyhow, patch up if ya need to... otherwise, be eaten by shkidz xd On 24 August 2011 13:57, Michal Zalewski <lcamtuf@xxxxxxxxxxx> wrote: > > http://www.gossamer-threads.com/lists/apache/dev/401638 > > FWIW, I pointed out the DoS-iness of their Range handling a while ago: > http://seclists.org/bugtraq/2007/Jan/83 > > /mz > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
Attachment:
merge_ranges.diff
Description: Binary data
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/