You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by wr...@apache.org on 2010/03/09 17:21:12 UTC
svn commit: r920961 -
/httpd/httpd/branches/2.0.x/modules/arch/win32/mod_isapi.c
Author: wrowe
Date: Tue Mar 9 16:21:12 2010
New Revision: 920961
URL: http://svn.apache.org/viewvc?rev=920961&view=rev
Log:
SECURITY: CVE-2010-0425 (cve.mitre.org)
mod_isapi: Do not unload an isapi .dll module until the request
processing is completed, avoiding orphaned callback pointers.
Submitted by: Brett Gervasoni <brettg senseofsecurity.com>, trawick
Reviewed by: trawick, wrowe
Modified:
httpd/httpd/branches/2.0.x/modules/arch/win32/mod_isapi.c
Modified: httpd/httpd/branches/2.0.x/modules/arch/win32/mod_isapi.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/modules/arch/win32/mod_isapi.c?rev=920961&r1=920960&r2=920961&view=diff
==============================================================================
--- httpd/httpd/branches/2.0.x/modules/arch/win32/mod_isapi.c (original)
+++ httpd/httpd/branches/2.0.x/modules/arch/win32/mod_isapi.c Tue Mar 9 16:21:12 2010
@@ -1537,7 +1537,6 @@ apr_status_t isapi_handler (request_rec
/* Set up client input */
res = ap_setup_client_block(r, REQUEST_CHUNKED_ERROR);
if (res) {
- isapi_unload(isa, 0);
return res;
}
@@ -1568,7 +1567,6 @@ apr_status_t isapi_handler (request_rec
}
if (res < 0) {
- isapi_unload(isa, 0);
return HTTP_INTERNAL_SERVER_ERROR;
}