git.ipfire.org Git - thirdparty/apache/httpd.git/commit

author	Joe Orton <jorton@apache.org>
	Mon, 14 Jul 2014 20:34:32 +0000 (20:34 +0000)
committer	Joe Orton <jorton@apache.org>
	Mon, 14 Jul 2014 20:34:32 +0000 (20:34 +0000)
commit	19998e63792ba4c6b5232de3cd4302ce267a2f83
tree	a275e86593e0c12b3d2ff69c81445659b46e1ab2	tree \| snapshot
parent	57015497cd9710d59da32ed29a6f602cdd30a216	commit \| diff

Merge 1610491 from trunk:

SECURITY (CVE-2014-0226): Fix a race condition in scoreboard handling,
which could lead to a heap buffer overflow. Thanks to Marek Kroemeke
working with HP's Zero Day Initiative for reporting this.

* include/scoreboard.h: Add ap_copy_scoreboard_worker.

* server/scoreboard.c (ap_copy_scoreboard_worker): New function.

* modules/generators/mod_status.c (status_handler): Use it.

Reviewed by: trawick, jorton, covener
Submitted by: jorton, trawick, covener

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1610515 13f79535-47bb-0310-9956-ffa450edef68

CHANGES		diff \| blob \| blame \| history
include/ap_mmn.h		diff \| blob \| blame \| history
include/scoreboard.h		diff \| blob \| blame \| history
modules/generators/mod_status.c		diff \| blob \| blame \| history
server/scoreboard.c		diff \| blob \| blame \| history