You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by tr...@apache.org on 2014/07/15 13:15:27 UTC
svn commit: r1610652 - /httpd/httpd/trunk/server/mpm/winnt/child.c
Author: trawick
Date: Tue Jul 15 11:15:26 2014
New Revision: 1610652
URL: http://svn.apache.org/r1610652
Log:
SECURITY (CVE-2014-0226): Fix a memory consumption denial of
service in the WinNT MPM used in all Windows installations.
Workaround: AcceptFilter <protocol> {none|connect}
Submitted by: trawick
Reviewed by: jorton, covener, jim
Modified:
httpd/httpd/trunk/server/mpm/winnt/child.c
Modified: httpd/httpd/trunk/server/mpm/winnt/child.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/server/mpm/winnt/child.c?rev=1610652&r1=1610651&r2=1610652&view=diff
==============================================================================
--- httpd/httpd/trunk/server/mpm/winnt/child.c (original)
+++ httpd/httpd/trunk/server/mpm/winnt/child.c Tue Jul 15 11:15:26 2014
@@ -601,8 +601,12 @@ reinit: /* target of data or connect upo
b->length = BytesRead;
context->overlapped.Pointer = b;
}
- else
+ else {
+ if (accf == 2) {
+ apr_bucket_free(buf);
+ }
context->overlapped.Pointer = NULL;
+ }
}
else /* (accf = 0) e.g. 'none' */
{