You are viewing a plain text version of this content. The canonical link for it is here.

Posted to cvs@httpd.apache.org by tr...@apache.org on 2014/07/15 13:15:27 UTC

svn commit: r1610652 - /httpd/httpd/trunk/server/mpm/winnt/child.c

Author: trawick
Date: Tue Jul 15 11:15:26 2014
New Revision: 1610652

URL: http://svn.apache.org/r1610652
Log:
SECURITY (CVE-2014-0226): Fix a memory consumption denial of
service in the WinNT MPM used in all Windows installations.
Workaround: AcceptFilter <protocol> {none|connect}

Submitted by: trawick
Reviewed by: jorton, covener, jim

Modified:
    httpd/httpd/trunk/server/mpm/winnt/child.c

Modified: httpd/httpd/trunk/server/mpm/winnt/child.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/server/mpm/winnt/child.c?rev=1610652&r1=1610651&r2=1610652&view=diff
==============================================================================
--- httpd/httpd/trunk/server/mpm/winnt/child.c (original)
+++ httpd/httpd/trunk/server/mpm/winnt/child.c Tue Jul 15 11:15:26 2014
@@ -601,8 +601,12 @@ reinit: /* target of data or connect upo
                 b->length = BytesRead;
                 context->overlapped.Pointer = b;
             }
-            else
+            else {
+                if (accf == 2) {
+                    apr_bucket_free(buf);
+                }
                 context->overlapped.Pointer = NULL;
+            }
         }
         else /* (accf = 0)  e.g. 'none' */
         {