SECURITY: CVE-2010-0425 (cve.mitre.org)

mod_isapi: Do not unload an isapi .dll module until the request
processing is completed, avoiding orphaned callback pointers.

Submitted by: Brett Gervasoni <brettg senseofsecurity.com>, trawick
Reviewed by: trawick, wrowe

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@920961 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/modules/arch/win32/mod_isapi.c b/modules/arch/win32/mod_isapi.c
index 8f4e56d36e663a58980b30cf8d960daa216934ea..859d5670df7bc4d72963b4d1104b82be55066ace 100644 (file)
--- a/modules/arch/win32/mod_isapi.c
+++ b/modules/arch/win32/mod_isapi.c
@@ -1537,7 +1537,6 @@ apr_status_t isapi_handler (request_rec *r)
     /* Set up client input */
     res = ap_setup_client_block(r, REQUEST_CHUNKED_ERROR);
     if (res) {
-        isapi_unload(isa, 0);
         return res;
     }
 
@@ -1568,7 +1567,6 @@ apr_status_t isapi_handler (request_rec *r)
         }
 
         if (res < 0) {
-            isapi_unload(isa, 0);
             return HTTP_INTERNAL_SERVER_ERROR;
         }