|
|
|
|
|
|
by eqvinox
10 days ago
|
|
|
> We disclosed to Apache on May 27, and Stefan Eissing fixed it on the same day by making cookie headers count against LimitRequestFields. I was about to say, the bug here isn't in the protocol, it's that memory use isn't being counted & limited as it should... and, yeah. I'm a bit surprised this happened to Apache, though. APR uses pool allocators. That should be easy enough to track and limit... |
|
|