httpd-cvs mailing list archives

From traw...@apache.org
Subject svn commit: r1610653 - in /httpd/httpd/branches/2.4.x: ./ CHANGES server/mpm/winnt/child.c
Date Tue, 15 Jul 2014 11:17:50 GMT
Author: trawick
Date: Tue Jul 15 11:17:49 2014
New Revision: 1610653

URL: http://svn.apache.org/r1610653
Log:
Merge r1610652 from trunk:

SECURITY (CVE-2014-0226): Fix a memory consumption denial of
service in the WinNT MPM used in all Windows installations.
Workaround: AcceptFilter <protocol> {none|connect}

Submitted by: trawick
Reviewed by: jorton, covener, jim

Modified:
    httpd/httpd/branches/2.4.x/   (props changed)
    httpd/httpd/branches/2.4.x/CHANGES
    httpd/httpd/branches/2.4.x/server/mpm/winnt/child.c

Propchange: httpd/httpd/branches/2.4.x/
------------------------------------------------------------------------------
  Merged /httpd/httpd/trunk:r1610652

Modified: httpd/httpd/branches/2.4.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?rev=1610653&r1=1610652&r2=1610653&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.4.x/CHANGES [utf-8] Tue Jul 15 11:17:49 2014
@@ -2,6 +2,11 @@
 
 Changes with Apache 2.4.10
 
+  *) SECURITY (CVE-2014-0226): Fix a memory consumption denial of
+     service in the WinNT MPM (used in all Windows installations).
+     Workaround: AcceptFilter <protocol> {none|connect}
+     [Jeff Trawick]
+
   *) SECURITY: CVE-2014-0226 (cve.mitre.org)
      Fix a race condition in scoreboard handling, which could lead to
      a heap buffer overflow.  [Joe Orton, Eric Covener]
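Review bot: The entry added at the top of this hunk carries CVE-2014-0226, the same identifier as the scoreboard race condition entry directly below it, although the two entries describe different defects (a memory consumption denial of service in the WinNT MPM versus a race leading to a heap buffer overflow). Please confirm which identifier was assigned to the WinNT MPM issue and correct whichever entry is wrong, in the commit log as well as in CHANGES, since readers will match on this string when deciding whether they are affected. The two entries also use different layouts, "SECURITY (CVE-...)" and "SECURITY: CVE-... (cve.mitre.org)"; one form should be used for both.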

Modified: httpd/httpd/branches/2.4.x/server/mpm/winnt/child.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/mpm/winnt/child.c?rev=1610653&r1=1610652&r2=1610653&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/server/mpm/winnt/child.c (original)
+++ httpd/httpd/branches/2.4.x/server/mpm/winnt/child.c Tue Jul 15 11:17:49 2014
@@ -601,8 +601,12 @@ reinit: /* target of data or connect upo
                 b->length = BytesRead;
                 context->overlapped.Pointer = b;
             }
-            else
+            else {
+                if (accf == 2) {
+                    apr_bucket_free(buf);
+                }
                 context->overlapped.Pointer = NULL;
+            }
         }
         else /* (accf = 0)  e.g. 'none' */
         {
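Review bot: In the new else block, "if (accf == 2)" relies on a bare magic number; the only hint in the visible context is the "/* (accf = 0)  e.g. 'none' */" comment on the following branch, so a reader cannot tell which AcceptFilter mode owns buf or why the free is limited to that mode. Add a comment naming the mode that 2 stands for (or use a named constant) and state that buf is released here because no bucket was created from it on this path. In addition, buf still points at freed memory after apr_bucket_free(buf), and the hunk header shows this code sits under the reinit: label; setting buf to NULL right after the free would guard against reuse or a second free on a later pass through this block.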


