Skip to content

Commit e9602ae

Browse files
committed
SECURITY: CVE-2010-0425 (cve.mitre.org)
mod_isapi: Do not unload an isapi .dll module until the request processing is completed, avoiding orphaned callback pointers. Submitted by: Brett Gervasoni <brettg senseofsecurity.com>, trawick Reviewed by: trawick, wrowe git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@917870 13f79535-47bb-0310-9956-ffa450edef68
1 parent 3e64d02 commit e9602ae

2 files changed

Lines changed: 6 additions & 3 deletions

File tree

CHANGES

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,12 @@
1-
-*- coding: utf-8 -*-
1+
-*- coding: utf-8 -*-
22

33
Changes with Apache 2.3.7
44

5+
*) SECURITY: CVE-2010-0425 (cve.mitre.org)
6+
mod_isapi: Do not unload an isapi .dll module until the request
7+
processing is completed, avoiding orphaned callback pointers.
8+
[Brett Gervasoni <brettg senseofsecurity.com>, Jeff Trawick]
9+
510
*) support/rotatelogs: Add -L option to create a link to the current
611
log file. PR 48761 [<lyndon orthanc.ca>, Dan Poirier]
712

modules/arch/win32/mod_isapi.c

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1503,7 +1503,6 @@ apr_status_t isapi_handler (request_rec *r)
15031503
/* Set up client input */
15041504
res = ap_setup_client_block(r, REQUEST_CHUNKED_ERROR);
15051505
if (res) {
1506-
isapi_unload(isa, 0);
15071506
return res;
15081507
}
15091508

@@ -1534,7 +1533,6 @@ apr_status_t isapi_handler (request_rec *r)
15341533
}
15351534

15361535
if (res < 0) {
1537-
isapi_unload(isa, 0);
15381536
return HTTP_INTERNAL_SERVER_ERROR;
15391537
}
15401538

0 commit comments

Comments
 (0)