Hrm. Yeah... I guess for a Windows shell extension, that is a significant
distinction.
Thx
-g
On Feb 9, 2012 10:39 PM, "Daniel Shahaf" <danielsh_at_elego.de> wrote:
> Old code allows malicious servers to abort() the process libsvn is
> linked to, new code doesn't.
>
> Greg Stein wrote on Thu, Feb 09, 2012 at 22:14:39 -0500:
> > DoS? With the old code: the client died. With the new code: the client
> > dies. No change that I'm aware of, other than a nicer error message.
> >
> > It seems the justification would be, "nicer error message" rather than
> > anything about DoS.
> >
> > Cheers,
> > -g
> > On Feb 9, 2012 6:46 PM, <danielsh_at_apache.org> wrote:
> >
> > > Author: danielsh
> > > Date: Thu Feb 9 23:46:06 2012
> > > New Revision: 1242608
> > >
> > > URL: http://svn.apache.org/viewvc?rev=1242608&view=rev
> > > Log:
> > > Nominate r1242607.
> > >
> > > Modified:
> > > subversion/branches/1.7.x/STATUS
> > >
> > > Modified: subversion/branches/1.7.x/STATUS
> > > URL:
> > >
> http://svn.apache.org/viewvc/subversion/branches/1.7.x/STATUS?rev=1242608&r1=1242607&r2=1242608&view=diff
> > >
> > >
> ==============================================================================
> > > --- subversion/branches/1.7.x/STATUS (original)
> > > +++ subversion/branches/1.7.x/STATUS Thu Feb 9 23:46:06 2012
> > > @@ -85,6 +85,13 @@ Candidate changes:
> > > Votes:
> > > +1: philip
> > >
> > > + * r1242607
> > > + Convert ra_serf assertions to errors.
> > > + Justification:
> > > + Malicious server can DoS clients.
> > > + Votes:
> > > + +1: danielsh
> > > +
> > > Veto-blocked changes:
> > > =====================
> > >
> > >
> > >
> > >
>
Received on 2012-02-10 04:47:44 CET