> From: Amarendra Godbole [mailto:amarendra.godb...@gmail.com] 
> Subject: Revision 1601333 - Fix for CVE-2014-0227

> I have a query about the fix for request smuggling issue
> (CVE-2014-0227) -- when I inspected revision 1601333, I fail to
> understand what the fix is, since all the patch seems to do is some
> i18n cleanup, and add a boolean variable "error". Or did I miss
> something?

You missed the code at the end of the module that sets the error flag, the new 
method to check the flag, and the call to that method. The checkError() method 
is invoked in the doRead() method to ensure nothing more is processed in this 
request.

 - Chuck
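
The pattern the reply describes, as an added illustration that is not part of the original message and is not Tomcat's code: a chunked-body reader that records a parse failure in a sticky `error` flag and checks it at the top of every `doRead()`. The class name, exception messages and sample input are assumptions made for this sketch, which also skips chunk extensions and trailers.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;

// Illustrative sketch only; hypothetical class, not Tomcat's chunked input filter.
public class StickyErrorChunkReader {
    private final InputStream in;
    private boolean error;     // once set, the rest of the body is never parsed
    private boolean endChunk;  // set when the zero-size chunk has been seen

    StickyErrorChunkReader(InputStream in) { this.in = in; }

    // Returns the next chunk's payload, or null once the zero-size chunk is reached.
    byte[] doRead() throws IOException {
        checkError();          // refuse to continue after an earlier failure
        if (endChunk) return null;
        int size = 0, digits = 0, c;
        while ((c = in.read()) != '\r') {
            int d = (c < 0) ? -1 : Character.digit(c, 16);  // -1 on EOF or non-hex byte
            if (d < 0 || ++digits > 7) fail("Invalid chunk header");
            size = (size << 4) | d;
        }
        if (digits == 0 || in.read() != '\n') fail("Invalid chunk header");
        if (size == 0) { endChunk = true; return null; }
        byte[] data = in.readNBytes(size);
        if (data.length != size || in.read() != '\r' || in.read() != '\n')
            fail("Invalid end of chunk");
        return data;
    }

    private void fail(String msg) throws IOException {
        error = true;          // remember the failure, then report it
        throw new IOException(msg);
    }

    private void checkError() throws IOException {
        if (error) throw new IOException("Chunked input is in an error state");
    }

    public static void main(String[] args) {
        // Constructed input: a valid chunk, then a size line starting with a non-hex byte.
        // Without the flag, the third read would resume at "4" and return "rest".
        byte[] body = "3\r\nabc\r\nZ4\r\nrest\r\n0\r\n\r\n".getBytes(StandardCharsets.US_ASCII);
        StickyErrorChunkReader r = new StickyErrorChunkReader(new ByteArrayInputStream(body));
        for (int i = 0; i < 3; i++) {
            try {
                System.out.println(new String(r.doRead(), StandardCharsets.US_ASCII));
            } catch (IOException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```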

