Posted to cvs@httpd.apache.org by wr...@apache.org on 2010/03/09 17:21:12 UTC

svn commit: r920961 - /httpd/httpd/branches/2.0.x/modules/arch/win32/mod_isapi.c

Author: wrowe
Date: Tue Mar  9 16:21:12 2010
New Revision: 920961

URL: http://svn.apache.org/viewvc?rev=920961&view=rev
Log:
SECURITY: CVE-2010-0425 (cve.mitre.org)

mod_isapi: Do not unload an isapi .dll module until the request
processing is completed, avoiding orphaned callback pointers.

Submitted by: Brett Gervasoni <brettg senseofsecurity.com>, trawick
Reviewed by: trawick, wrowe

Modified:
    httpd/httpd/branches/2.0.x/modules/arch/win32/mod_isapi.c

Modified: httpd/httpd/branches/2.0.x/modules/arch/win32/mod_isapi.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/modules/arch/win32/mod_isapi.c?rev=920961&r1=920960&r2=920961&view=diff
==============================================================================
--- httpd/httpd/branches/2.0.x/modules/arch/win32/mod_isapi.c (original)
+++ httpd/httpd/branches/2.0.x/modules/arch/win32/mod_isapi.c Tue Mar  9 16:21:12 2010
@@ -1537,7 +1537,6 @@ apr_status_t isapi_handler (request_rec 
     /* Set up client input */
     res = ap_setup_client_block(r, REQUEST_CHUNKED_ERROR);
     if (res) {
-        isapi_unload(isa, 0);
         return res;
     }
 
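Review bot: The early `return res;` after a failed `ap_setup_client_block()` now leaves `isa` loaded, and nothing in this hunk says who releases it. Since the removed `isapi_unload(isa, 0);` looked like ordinary error-path cleanup, a one-line comment at this return stating that the module is deliberately kept loaded until request processing completes would keep a later cleanup pass from putting the call back.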
@@ -1568,7 +1567,6 @@ apr_status_t isapi_handler (request_rec 
         }
 
         if (res < 0) {
-            isapi_unload(isa, 0);
             return HTTP_INTERNAL_SERVER_ERROR;
         }
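Review bot: In the `if (res < 0)` branch the module is likewise no longer unloaded before `return HTTP_INTERNAL_SERVER_ERROR;`, but the log message promises an unload after request processing and neither hunk adds one. Please point to the existing code that performs the deferred unload, or add it, so the change does not amount to never unloading on these paths. The diff touches only these two call sites, so it is also worth confirming that no other exit from `isapi_handler` still calls `isapi_unload` while the request is in flight.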