From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on dcvr.yhbt.net X-Spam-Level: X-Spam-Status: No, score=-2.9 required=3.0 tests=AWL,BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS shortcircuit=no autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-ej1-x631.google.com (mail-ej1-x631.google.com [IPv6:2a00:1450:4864:20::631]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by dcvr.yhbt.net (Postfix) with ESMTPS id E96DF1F9FD for ; Wed, 17 Feb 2021 21:46:26 +0000 (UTC) Received: by mail-ej1-x631.google.com with SMTP id b14so19292363eju.7 for ; Wed, 17 Feb 2021 13:46:26 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=snyk.io; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=FVyzsuN5YxxMSvZdKSt3xhKdrBNs/1+nAliLOk71aQU=; b=SgdNla5tochktqqWX/mG6db44N+nMxrqN+d7DkNfAHz6j+tNXnz8AdwS0mKbd043Uc K62qa8cekJvJV1ViX6VqmES3v8fOvKWlJ4ZlYL1Qupj4uWwPWyGPdX5OF82lvlhyinfD Q4QXXlJyuAcAO1tn2HhKsqyWao1RkTtjTcC4rosJMPahXplv7cmgupoaQ+AyMdeP2qct c0l5wyGpEdw4V6dYJQQD3zCepyTlddFjkYKnPLrEqY90b39UUmN5pnBTC/rOpq3GyBH8 Gb6AYjGZH0JQ3e5v+l0CIwcaMca8Svz34LfLKj2iWUYuyK/FGD6D1W3GZh3uvHSv1BwY 3YBg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=FVyzsuN5YxxMSvZdKSt3xhKdrBNs/1+nAliLOk71aQU=; b=Ho/uw1Yv9L5SZsKq4oF6UQdJ98YNVuGb4xybWxUwU0fuNapU4ut6PYX90ZJaHLKmdp SqlS2abhbM5k3N8+7HIEFBn1tBi903D1M9joTseVu3y5TFn/NPyL9Mzgs8NicS0aRtLC IriU1x0fUGzoOqRQ7Qy8jvZC7dX/Uc7KpVUX6V/q9Kkb9kcvCuAt2TLa00naRkBRHhkL uEWizhwZbtabelODB0Cc0f+Of3hcqbenbpLBi3QkcVEjwjMZcvKrN9/hBCRahtssTKsv Q9TLpM7MBcDbWNj4rZ+dW6CzYX2wtjuN7mvNcVqyMeuk4QwfWI/7E8cxpLOU/oWaoWCu ppJg== X-Gm-Message-State: AOAM531uk6dvu4CxZjZE5Wjl4mRZ3VpnzwmEPzlyKL96PEK7/xNVXk3D Hcb6ht1wXAaNBH1VsCiH6J6br4w82AWUWejYUsfCpzV78Is= X-Google-Smtp-Source: ABdhPJy1XibGWPD8dKOTR0gI7hkF5gRF9JtC4txu0lltcH4+m4Jx4mc3381JiEkeR5ZDgBgw3ZNd7zKfbdi5ozYxzh4= X-Received: by 2002:a17:906:1682:: with SMTP id s2mr1000808ejd.110.1613598383161; Wed, 17 Feb 2021 13:46:23 -0800 (PST) MIME-Version: 1.0 References: <20201126115902.GA8883@dcvr> <20210106175338.GA10985@dcvr> <20210114043706.GA31027@dcvr> <20210128223927.GA1497@dcvr> In-Reply-To: <20210128223927.GA1497@dcvr> From: Sam Sanoop Date: Wed, 17 Feb 2021 21:46:12 +0000 Message-ID: Subject: Re: [RFC] http_response: ignore invalid header response characters To: Eric Wong Cc: unicorn-public@yhbt.net Content-Type: text/plain; charset="UTF-8" List-Id: Since no one is against this patch being applied, and its been a few months since this discussion has been open. Can you look into this soon Eric? thanks. On Thu, Jan 28, 2021 at 10:39 PM Eric Wong wrote: > > Sam Sanoop wrote: > > Hi Eric, did you get a chance to look at this? any thoughts on patching? > > Not yet; still stuck and behind on another project... > > Was hoping maybe somebody else paying attention to unicorn-public > would chime in (no idea how many people read it between all > the archives and HTTPS/IMAP/NNTP endpoints). > > Maybe I'll have a chunk of time this weekend... -- Sam Sanoop Security Analyst