Closed GoogleCodeExporter closed 9 years ago
The patch is quite involved but we can simplify it by removing the option
switches.
Original comment by classi...@floodgap.com on 10 Oct 2011 at 9:04
The first set of changes is in ssl3_SendRecord.
Original comment by classi...@floodgap.com on 10 Oct 2011 at 9:47
This will be a problem; ssl3_SendRecord has everything in it (i.e., there is no
ssl3_CompressMACEncryptRecord for the patch to call).
Original comment by classi...@floodgap.com on 10 Oct 2011 at 9:52
We could change the while (bytes > 0) loop. contentLen would always be 1 the
first go-around.
Original comment by classi...@floodgap.com on 10 Oct 2011 at 10:00
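The loop change proposed in the comment above, as an added example that is not part of the original thread and is not NSS or Classilla code: `plan_records` is a hypothetical helper that computes the plaintext length of each record when the first pass of a `while (bytes > 0)` send loop is limited to one byte. The 16384-byte fragment limit is the TLS record maximum; the `split_first` switch is an assumption added for comparison.

```c
#include <stddef.h>
#include <stdio.h>

#define MAX_FRAGMENT_LENGTH 16384 /* TLS plaintext fragment limit (2^14) */

/* Hypothetical helper (not an NSS function). Fills lens[] with the plaintext
 * length of each record the send loop would emit for `bytes` bytes of data.
 * With split_first set, the first go-around always carries exactly 1 byte.
 * Returns the number of records, or -1 if lens[] (capacity cap) is too small. */
int plan_records(size_t bytes, int split_first, size_t *lens, size_t cap)
{
    size_t n = 0;
    int first = 1;

    while (bytes > 0) {
        /* Normal case: as much as fits in one record. */
        size_t contentLen = bytes < MAX_FRAGMENT_LENGTH ? bytes
                                                        : MAX_FRAGMENT_LENGTH;

        /* First pass only: force a one-byte record. bytes > 0 here,
         * so a one-byte write still yields a single one-byte record. */
        if (first && split_first)
            contentLen = 1;
        first = 0;

        if (n == cap)
            return -1; /* caller's array cannot hold the plan */
        lens[n++] = contentLen;
        bytes -= contentLen;
    }
    return (int)n;
}

int main(void)
{
    size_t lens[8];
    /* Constructed input: one byte more than a full fragment. */
    int n = plan_records(MAX_FRAGMENT_LENGTH + 1, 1, lens, 8);

    for (int i = 0; i < n; i++)
        printf("record %d: %zu bytes\n", i, lens[i]);
    return 0;
}
```

Each write gains one extra record, and a write that previously fit one record exactly now spans two, which is the behaviour change a peer sees on the wire.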
This didn't work on all sites.
After formal review, determining that while the theoretical vulnerability
exists, there is no effective way to trigger it in Classilla, and fixing it
will likely introduce more bugs for no good reason. Closing WontFix.
Original comment by classi...@floodgap.com on 11 Oct 2011 at 12:34
Original issue reported on code.google.com by classi...@floodgap.com on 10 Oct 2011 at 9:02