On Sun, Jan 2, 2011 at 02:34, Dmitry Semyonov wrote:
> I'm attaching new version of the patch. It fixes another missed crash
> at "else if (TLS_buffer[buf_end] != '\n')" line, as well as the same
> issues in duplicate code of SSL_readline().
Unfortunately, this was not enough. It is also necessar
I'm attaching new version of the patch. It fixes another missed crash
at "else if (TLS_buffer[buf_end] != '\n')" line, as well as the same
issues in duplicate code of SSL_readline().
P.S.
I have concerns about "i <= buf_end" inside another condition
branch. Most likely, it needs to be '<' instea
> I've just committed your patch to echoping and it seems to work
I also confirm that the patch fixed the crashes for me.
I should note that the problem HTTPS server is rather unstable (15.25%
failed requests over 10 days). Most likely the crash never happens
with properly working servers.
--
.
Package: echoping
Version: 6.0.2-3
Severity: grave
Tags: security patch
Justification: user security hole
I use Smokeping to monitor a number of external hosts. echoping is
called by EchoPingHttps Smokeping probe, and it crashes several times a
week, resulting in syslog error like:
Dec 11 00:13:
4 matches
Mail list logo
