Age | Commit message (Collapse) | Author |
|
bmk/megaco/flex_buffer_overrun_while_scanning_prop_parms/OTP-10998/r13
Conflicts:
lib/megaco/src/flex/megaco_flex_scanner_drv.flex.src
|
|
|
|
At the end of the mfs_load_property_groups function, the
final property group list and property groups list is
"terminated". A call to mfs_ensure_term_spec with (incorrect)
size 4 was made prior to this to ensure enough data was available.
The correct size was 6!
|
|
|
|
|
|
There seem to be some problem with realloc (core dump)
so the calculation of the term_spec size needs to be
"corrected".
|
|
|
|
|
|
|
|
|
|
|
|
* pan/heart_and_times/OTP-10111:
Make heart use clock_gettime when available
|
|
|
|
* bmk/snmp/snmp4174_integration/r13:
[snmp/agent] Add proper release notes
[snmp/agent] Wrong OID used for error message reply
[snmp/agent] Added backup check for local_db
[snmp/agent] Simultaneous snmpa:backup/1,2 calls interfere
|
|
'bmk/snmp/agent/wrong_oid_for_snmpUnknownPDUHandlers2/OTP-9747/r13' into bmk/snmp/snmp4174_integration/r13
Conflicts:
lib/snmp/doc/src/notes.xml
lib/snmp/src/app/snmp.appup.src
lib/snmp/vsn.mk
|
|
bmk/snmp/snmp4174_integration/r13
|
|
OTP-9884
|
|
When sending an error message (reply) regarding
snmpUnknownPDUHandlers, the agent used the wrong OID.
OTP-9747
|
|
Added a backup check also for local_db (same as for the
mib-server). Updated appup and set proper version (vsn.mk).
Finally added test case for issue.
OTP-9884
|
|
Simultaneous snmpa#backup">snmpa:backup/1,2 calls interfere.
The master agent did not check if a backup was already in
progress when a backup request was accepted
OTP-9884
|
|
* bmk/snmp/snmp4173_integration/r13:
[snmp/agent] Incorrect mib server cache gclimit update
[snmp] Updated doc and fixed wrequest create macros
[snmp] Be more verbose in the worker procs
[snmp] Add a more informative return value when the trap sending fails
[snmp] Fixed the mt_trap test-case
[snmp] Maximum number of varbinds in a Get-BULK response
[snmp] Correted the expect bug in the snmp test utility
[snmp] Mostly added some more verbosity stuff
|
|
bmk/snmp/snmp4173_integration/r13
Conflicts:
lib/snmp/doc/src/notes.xml
lib/snmp/src/app/snmp.appup.src
lib/snmp/vsn.mk
|
|
bmk/snmp/snmp4173_integration/r13
|
|
Mib server cache gclimit update function incorrectly calls
age update function. The gclimit update function update_mibs_cache_gclimit/1
incorrectly called update_mibs_cache_age/2 update function.
OTP-9868
|
|
Release notes updated, together with documentation of the
new config option. Also fixed the wrequest create
macros (forgot end parantesis).
OTP-9700
|
|
Add a verbosity printout for results of the requests sent to it).
Also fixed handling sent_trap and appup.
OTP-9700
|
|
OTP-9700
|
|
It has long been broken, but this fact was hidden by the
faulty expect functions.
OTP-9700
|
|
As a means to prevent DoS, maximum number of varbinds
in a Get-BULK response has been limited.
Also, made some changes to the worker process "API".
OTP-9700.
|
|
This bug will in turn will trigger some other bugs
(in the agent), these will be dealt with later.
OTP-9700
|
|
OTP-9700
|
|
* bmk/inets/inets536_integration:
[httpd] GET request with malformed header date caused server crash (non-fatal) with no reply to client. Will now result in a reply with status code 400. OTP-9674
Added versions 5.2, 5.1.3 and 5.1.2 again. OTP-9655
Uncommented ipv6 test cases. OTP-9655
Fixed HTML encode. First *try* to hex decode uri, and then do the actual html encode. OTP-9655
Skip catching hex decode failure. OTP-9655
Fixed hex-decoding. OTP-9655
Problems with proxy test cases. OTP-9655
Added release notes, appup and correct version. OTP-9655
The XSS prevention methods used was confused if the URL was encoded (hex-encoded). OTP-9655
|
|
server crash (non-fatal) with no reply to client. Will
now result in a reply with status code 400.
OTP-9674
Merge branch 'bmk/inets/httpd/xss_with_bad_header_date/OTP-9674' into bmk/inets/inets536_integration
Conflicts:
lib/inets/doc/src/notes.xml
lib/inets/src/inets_app/inets.appup.src
lib/inets/test/httpd_test_lib.erl
lib/inets/vsn.mk
|
|
OTP-9655
Merge branch 'bmk/inets/httpd/xss_when_erl_encoded/r13/OTP-9655' into bmk/inets/inets536_integration
|
|
server crash (non-fatal) with no reply to client. Will
now result in a reply with status code 400.
OTP-9674
|
|
OTP-9655
|
|
OTP-9655
|
|
do the actual html encode.
OTP-9655
|
|
OTP-9655
|
|
OTP-9655
|
|
OTP-9655
|
|
OTP-9655
|
|
bmk/inets/httpd/xss_when_erl_encoded/OTP-9655
|
|
URL was encoded (hex-encoded).
OTP-9655
|
|
|
|
* raimo/sctp-getsetopts/OTP-9544:
erts,kernel: Bugfix - read SCTP socket options from right protocol layer
erts: Fix bug SCTP send can only be called from controlling process
|
|
Socket options 'sndbuf', 'recbuf' and 'linger were read from
the SCTP protocol layer instead of from the socket protocol layer.
Conflicts:
lib/kernel/test/gen_sctp_SUITE.erl
|
|
Conflicts:
lib/kernel/test/gen_sctp_SUITE.erl
|
|
maint-r13
* bmk/inets/httpd/cross_site_scripting_attacks/OTP-9535:
Updated http-server to make sure URLs in error-messages are URL-encoded. Added support in http-client to use URL-encoding. Also added the missing include directory for the inets application.
|
|
are URL-encoded. Added support in http-client to use
URL-encoding. Also added the missing include directory
for the inets application.
OTP-8940
[httpd] Prevent XSS in error pages.
Prevent user controlled input from being interpreted
as HTML in error pages by encoding the reserved HTML
characters.
Michael Santos
OTP-9124
|