You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by wr...@apache.org on 2010/03/09 17:48:25 UTC

svn commit: r112 - in /release/httpd/patches: apply_to_2.0.63/CVE-2010-0425.patch apply_to_2.2.14/CVE-2010-0425.patch

Author: wrowe
Date: Tue Mar  9 11:48:24 2010
New Revision: 112

Log:
Record available patch

Added:
    release/httpd/patches/apply_to_2.0.63/CVE-2010-0425.patch
    release/httpd/patches/apply_to_2.2.14/CVE-2010-0425.patch

Added: release/httpd/patches/apply_to_2.0.63/CVE-2010-0425.patch
==============================================================================
--- release/httpd/patches/apply_to_2.0.63/CVE-2010-0425.patch (added)
+++ release/httpd/patches/apply_to_2.0.63/CVE-2010-0425.patch Tue Mar  9 11:48:24 2010
@@ -0,0 +1,33 @@
+# SECURITY: CVE-2010-0425 (cve.mitre.org)
+# 
+# mod_isapi: Do not unload an isapi .dll module until the request
+# processing is completed, avoiding orphaned callback pointers.
+# 
+# Submitted by: Brett Gervasoni <brettg senseofsecurity.com>, trawick
+# Reviewed by: trawick, wrowe
+# Backports: r917870
+
+Modified: httpd/httpd/branches/2.2.x/modules/arch/win32/mod_isapi.c
+URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/arch/win32/mod_isapi.c?rev=917871&r1=917870&r2=917871&view=diff
+==============================================================================
+--- httpd/httpd/branches/2.2.x/modules/arch/win32/mod_isapi.c (original)
++++ httpd/httpd/branches/2.2.x/modules/arch/win32/mod_isapi.c Tue Mar  2 04:30:53 2010
+@@ -1503,7 +1503,6 @@
+     /* Set up client input */
+     res = ap_setup_client_block(r, REQUEST_CHUNKED_ERROR);
+     if (res) {
+-        isapi_unload(isa, 0);
+         return res;
+     }
+ 
+@@ -1534,7 +1533,6 @@
+         }
+ 
+         if (res < 0) {
+-            isapi_unload(isa, 0);
+             return HTTP_INTERNAL_SERVER_ERROR;
+         }
+ 
+
+
+

Added: release/httpd/patches/apply_to_2.2.14/CVE-2010-0425.patch
==============================================================================
--- release/httpd/patches/apply_to_2.2.14/CVE-2010-0425.patch (added)
+++ release/httpd/patches/apply_to_2.2.14/CVE-2010-0425.patch Tue Mar  9 11:48:24 2010
@@ -0,0 +1,33 @@
+# SECURITY: CVE-2010-0425 (cve.mitre.org)
+# 
+# mod_isapi: Do not unload an isapi .dll module until the request
+# processing is completed, avoiding orphaned callback pointers.
+# 
+# Submitted by: Brett Gervasoni <brettg senseofsecurity.com>, trawick
+# Reviewed by: trawick, wrowe
+# Backports: r917870
+
+Modified: httpd/httpd/branches/2.2.x/modules/arch/win32/mod_isapi.c
+URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/arch/win32/mod_isapi.c?rev=917871&r1=917870&r2=917871&view=diff
+==============================================================================
+--- httpd/httpd/branches/2.2.x/modules/arch/win32/mod_isapi.c (original)
++++ httpd/httpd/branches/2.2.x/modules/arch/win32/mod_isapi.c Tue Mar  2 04:30:53 2010
+@@ -1503,7 +1503,6 @@
+     /* Set up client input */
+     res = ap_setup_client_block(r, REQUEST_CHUNKED_ERROR);
+     if (res) {
+-        isapi_unload(isa, 0);
+         return res;
+     }
+ 
+@@ -1534,7 +1533,6 @@
+         }
+ 
+         if (res < 0) {
+-            isapi_unload(isa, 0);
+             return HTTP_INTERNAL_SERVER_ERROR;
+         }
+ 
+
+
+