You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by tr...@apache.org on 2005/10/01 13:02:16 UTC

svn commit: r292949 - in /httpd/httpd/branches/2.2.x: CHANGES server/mpm/worker/worker.c

Author: trawick
Date: Sat Oct  1 04:02:10 2005
New Revision: 292949

URL: http://svn.apache.org/viewcvs?rev=292949&view=rev
Log:
merge from trunk:

*) SECURITY: CAN-2005-2970 (cve.mitre.org)
     worker MPM: Fix a memory leak which can occur after an aborted
     connection in some limited circumstances.  [Greg Ames, Jeff Trawick]


Modified:
    httpd/httpd/branches/2.2.x/CHANGES
    httpd/httpd/branches/2.2.x/server/mpm/worker/worker.c

Modified: httpd/httpd/branches/2.2.x/CHANGES
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.2.x/CHANGES?rev=292949&r1=292948&r2=292949&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.2.x/CHANGES [utf-8] Sat Oct  1 04:02:10 2005
@@ -1,6 +1,10 @@
                                                         -*- coding: utf-8 -*-
 Changes with Apache 2.1.9
 
+  *) SECURITY: CAN-2005-2970 (cve.mitre.org)
+     worker MPM: Fix a memory leak which can occur after an aborted
+     connection in some limited circumstances.  [Greg Ames, Jeff Trawick]
+
   *) Doxygen fixup [Neale Ranns <neale ranns.org>, Ian Holsman]
 
   *) mod_cache/mod_dir: Correct a subrequest lookup bug which was preventing

Modified: httpd/httpd/branches/2.2.x/server/mpm/worker/worker.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.2.x/server/mpm/worker/worker.c?rev=292949&r1=292948&r2=292949&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/server/mpm/worker/worker.c (original)
+++ httpd/httpd/branches/2.2.x/server/mpm/worker/worker.c Sat Oct  1 04:02:10 2005
@@ -724,6 +724,7 @@
             }
             else {
                 ptrans = recycled_pool;
+                recycled_pool = NULL;
             }
             apr_pool_tag(ptrans, "transaction");
             rv = lr->accept_func(&csd, lr, ptrans);
@@ -760,10 +761,14 @@
                     apr_socket_close(csd);
                     ap_log_error(APLOG_MARK, APLOG_CRIT, rv, ap_server_conf,
                                  "ap_queue_push failed");
+                    recycled_pool = ptrans;
                 }
                 else {
                     have_idle_worker = 0;
                 }
+            }
+            else {
+                recycled_pool = ptrans;
             }
         }
         else {