From: William A. Rowe Jr Date: Tue, 9 Mar 2010 16:21:12 +0000 (+0000) Subject: SECURITY: CVE-2010-0425 (cve.mitre.org) X-Git-Tag: 2.0.64~70 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=82376adb3ec3b274b5fd7ce7f3980bede25f1d0d;p=thirdparty%2Fapache%2Fhttpd.git SECURITY: CVE-2010-0425 (cve.mitre.org) mod_isapi: Do not unload an isapi .dll module until the request processing is completed, avoiding orphaned callback pointers. Submitted by: Brett Gervasoni , trawick Reviewed by: trawick, wrowe git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@920961 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/modules/arch/win32/mod_isapi.c b/modules/arch/win32/mod_isapi.c index 8f4e56d36e6..859d5670df7 100644 --- a/modules/arch/win32/mod_isapi.c +++ b/modules/arch/win32/mod_isapi.c @@ -1537,7 +1537,6 @@ apr_status_t isapi_handler (request_rec *r) /* Set up client input */ res = ap_setup_client_block(r, REQUEST_CHUNKED_ERROR); if (res) { - isapi_unload(isa, 0); return res; } @@ -1568,7 +1567,6 @@ apr_status_t isapi_handler (request_rec *r) } if (res < 0) { - isapi_unload(isa, 0); return HTTP_INTERNAL_SERVER_ERROR; }