SECURITY: CVE-2012-0031 (cve.mitre.org)

author Jim Jagielski <jim@apache.org>

Sun, 30 Sep 2012 15:44:46 +0000 (15:44 +0000)

committer Jim Jagielski <jim@apache.org>

Sun, 30 Sep 2012 15:44:46 +0000 (15:44 +0000)
author Jim Jagielski <jim@apache.org>
Sun, 30 Sep 2012 15:44:46 +0000 (15:44 +0000)
committer Jim Jagielski <jim@apache.org>
Sun, 30 Sep 2012 15:44:46 +0000 (15:44 +0000)
diff --git a/CHANGES b/CHANGES

index 6e7f87ec65d03ac11945956bd33d18fc642ab92f..282ad34130865c73f953406192aef712a9ddfc59 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,11 @@
                                                           -*- coding: utf-8 -*-
  Changes with Apache 2.0.65
  
+  *) SECURITY: CVE-2012-0031 (cve.mitre.org)
+     Fix scoreboard issue which could allow an unprivileged child process 
+     could cause the parent to crash at shutdown rather than terminate 
+     cleanly.  [Joe Orton]
+
    *) SECURITY: CVE-2011-3607 (cve.mitre.org)
       core: Fix integer overflow in ap_pregsub. This can be triggered e.g.
       with mod_setenvif via a malicious .htaccess. [Stefan Fritsch]
diff --git a/STATUS b/STATUS

index b0402d5ba7639e45bd7edd2a50a00a32d32e647a..6ebae14b480371c720362dbb047e3544c5f68760 100644 (file)
--- a/STATUS
+++ b/STATUS
@@ -171,15 +171,6 @@ RELEASE SHOWSTOPPERS:
          http://people.apache.org/~trawick/2.0-CVE-2011-4317-r1235443.patch
         +1: trawick
  
-  *) SECURITY: CVE-2012-0031 (cve.mitre.org)
-     Fix scoreboard issue which could allow an unprivileged child process 
-     could cause the parent to crash at shutdown rather than terminate 
-     cleanly.  [Joe Orton]
-
-     r1231058 on 2.0.x:
-       http://people.apache.org/~trawick/2.0-CVE-2012-0031-r1231058.patch
-     +1: trawick, wrowe, rjung
-
    *) SECURITY: CVE-2012-0053 (cve.mitre.org)
       Fix an issue in error responses that could expose "httpOnly" cookies
       when no custom ErrorDocument is specified for status code 400.
diff --git a/server/scoreboard.c b/server/scoreboard.c

index c0b0ed05750ded3231c03568e718b0002b5c3821..9d074543388130fe80ad3abdc7b291f573dc8635 100644 (file)
--- a/server/scoreboard.c
+++ b/server/scoreboard.c
@@ -41,6 +41,8 @@ AP_DECLARE_DATA scoreboard *ap_scoreboard_image = NULL;
  AP_DECLARE_DATA const char *ap_scoreboard_fname = NULL;
  AP_DECLARE_DATA int ap_extended_status = 0;
  
+static ap_scoreboard_e scoreboard_type;
+
  #if APR_HAS_SHARED_MEMORY
  
  #include "apr_shm.h"
@@ -230,7 +232,7 @@ apr_status_t ap_cleanup_scoreboard(void *d)
      if (ap_scoreboard_image == NULL) {
          return APR_SUCCESS;
      }
-    if (ap_scoreboard_image->global->sb_type == SB_SHARED) {
+    if (scoreboard_type == SB_SHARED) {
          ap_cleanup_shared_mem(NULL);
      }
      else {
@@ -289,7 +291,7 @@ int ap_create_scoreboard(apr_pool_t *p, ap_scoreboard_e sb_type)
          ap_init_scoreboard(sb_mem);
      }
  
-    ap_scoreboard_image->global->sb_type = sb_type;
+    ap_scoreboard_image->global->sb_type = scoreboard_type = sb_type;
      ap_scoreboard_image->global->running_generation = running_gen;
      ap_scoreboard_image->global->restart_time = apr_time_now();
author	Jim Jagielski <jim@apache.org>
	Sun, 30 Sep 2012 15:44:46 +0000 (15:44 +0000)
committer	Jim Jagielski <jim@apache.org>
	Sun, 30 Sep 2012 15:44:46 +0000 (15:44 +0000)
CHANGES		patch \| blob \| blame \| history
STATUS		patch \| blob \| blame \| history
server/scoreboard.c		patch \| blob \| blame \| history