From: William A. Rowe Jr Date: Tue, 2 Mar 2010 04:30:33 +0000 (+0000) Subject: SECURITY: CVE-2010-0425 (cve.mitre.org) X-Git-Tag: 2.3.6~422 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=1ea89a333a6f69e8c55459213c653b614dda5b7b;p=thirdparty%2Fapache%2Fhttpd.git SECURITY: CVE-2010-0425 (cve.mitre.org) mod_isapi: Do not unload an isapi .dll module until the request processing is completed, avoiding orphaned callback pointers. Submitted by: Brett Gervasoni , trawick Reviewed by: trawick, wrowe git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@917870 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index f530daa586f..3b213a12e7c 100644 --- a/CHANGES +++ b/CHANGES @@ -1,7 +1,12 @@ - -*- coding: utf-8 -*- + -*- coding: utf-8 -*- Changes with Apache 2.3.7 + *) SECURITY: CVE-2010-0425 (cve.mitre.org) + mod_isapi: Do not unload an isapi .dll module until the request + processing is completed, avoiding orphaned callback pointers. + [Brett Gervasoni , Jeff Trawick] + *) support/rotatelogs: Add -L option to create a link to the current log file. PR 48761 [, Dan Poirier] diff --git a/modules/arch/win32/mod_isapi.c b/modules/arch/win32/mod_isapi.c index bfc26aadd1f..ec0c800d2b7 100644 --- a/modules/arch/win32/mod_isapi.c +++ b/modules/arch/win32/mod_isapi.c @@ -1503,7 +1503,6 @@ apr_status_t isapi_handler (request_rec *r) /* Set up client input */ res = ap_setup_client_block(r, REQUEST_CHUNKED_ERROR); if (res) { - isapi_unload(isa, 0); return res; } @@ -1534,7 +1533,6 @@ apr_status_t isapi_handler (request_rec *r) } if (res < 0) { - isapi_unload(isa, 0); return HTTP_INTERNAL_SERVER_ERROR; }