You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by wr...@apache.org on 2010/03/09 17:48:25 UTC
svn commit: r112 - in /release/httpd/patches:
apply_to_2.0.63/CVE-2010-0425.patch apply_to_2.2.14/CVE-2010-0425.patch
Author: wrowe
Date: Tue Mar 9 11:48:24 2010
New Revision: 112
Log:
Record available patch
Added:
release/httpd/patches/apply_to_2.0.63/CVE-2010-0425.patch
release/httpd/patches/apply_to_2.2.14/CVE-2010-0425.patch
Added: release/httpd/patches/apply_to_2.0.63/CVE-2010-0425.patch
==============================================================================
--- release/httpd/patches/apply_to_2.0.63/CVE-2010-0425.patch (added)
+++ release/httpd/patches/apply_to_2.0.63/CVE-2010-0425.patch Tue Mar 9 11:48:24 2010
@@ -0,0 +1,33 @@
+# SECURITY: CVE-2010-0425 (cve.mitre.org)
+#
+# mod_isapi: Do not unload an isapi .dll module until the request
+# processing is completed, avoiding orphaned callback pointers.
+#
+# Submitted by: Brett Gervasoni <brettg senseofsecurity.com>, trawick
+# Reviewed by: trawick, wrowe
+# Backports: r917870
+
+Modified: httpd/httpd/branches/2.2.x/modules/arch/win32/mod_isapi.c
+URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/arch/win32/mod_isapi.c?rev=917871&r1=917870&r2=917871&view=diff
+==============================================================================
+--- httpd/httpd/branches/2.2.x/modules/arch/win32/mod_isapi.c (original)
++++ httpd/httpd/branches/2.2.x/modules/arch/win32/mod_isapi.c Tue Mar 2 04:30:53 2010
+@@ -1503,7 +1503,6 @@
+ /* Set up client input */
+ res = ap_setup_client_block(r, REQUEST_CHUNKED_ERROR);
+ if (res) {
+- isapi_unload(isa, 0);
+ return res;
+ }
+
+@@ -1534,7 +1533,6 @@
+ }
+
+ if (res < 0) {
+- isapi_unload(isa, 0);
+ return HTTP_INTERNAL_SERVER_ERROR;
+ }
+
+
+
+
Added: release/httpd/patches/apply_to_2.2.14/CVE-2010-0425.patch
==============================================================================
--- release/httpd/patches/apply_to_2.2.14/CVE-2010-0425.patch (added)
+++ release/httpd/patches/apply_to_2.2.14/CVE-2010-0425.patch Tue Mar 9 11:48:24 2010
@@ -0,0 +1,33 @@
+# SECURITY: CVE-2010-0425 (cve.mitre.org)
+#
+# mod_isapi: Do not unload an isapi .dll module until the request
+# processing is completed, avoiding orphaned callback pointers.
+#
+# Submitted by: Brett Gervasoni <brettg senseofsecurity.com>, trawick
+# Reviewed by: trawick, wrowe
+# Backports: r917870
+
+Modified: httpd/httpd/branches/2.2.x/modules/arch/win32/mod_isapi.c
+URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/arch/win32/mod_isapi.c?rev=917871&r1=917870&r2=917871&view=diff
+==============================================================================
+--- httpd/httpd/branches/2.2.x/modules/arch/win32/mod_isapi.c (original)
++++ httpd/httpd/branches/2.2.x/modules/arch/win32/mod_isapi.c Tue Mar 2 04:30:53 2010
+@@ -1503,7 +1503,6 @@
+ /* Set up client input */
+ res = ap_setup_client_block(r, REQUEST_CHUNKED_ERROR);
+ if (res) {
+- isapi_unload(isa, 0);
+ return res;
+ }
+
+@@ -1534,7 +1533,6 @@
+ }
+
+ if (res < 0) {
+- isapi_unload(isa, 0);
+ return HTTP_INTERNAL_SERVER_ERROR;
+ }
+
+
+
+