]> granicus.if.org Git - apache/commit
projects / apache / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f43ac4f) | patch
SECURITY: CVE-2017-3169 (cve.mitre.org)
authorJim Jagielski <jim@apache.org>
Tue, 30 May 2017 12:26:05 +0000 (12:26 +0000)
committerJim Jagielski <jim@apache.org>
Tue, 30 May 2017 12:26:05 +0000 (12:26 +0000)
commita0403e8220676ecc1272bb02b0aa99e8992b8ec9
treeba75fbde673590cd3eeec5279f66dd86870584e9tree | snapshot
parentf43ac4facd0be6956bd3e131a77b97adb612f513commit | diff
SECURITY: CVE-2017-3169 (cve.mitre.org)
mod_ssl may dereference a NULL pointer when third-party modules call
ap_hook_process_connection() during an HTTP request to an HTTPS port.

Merge r1796343 from trunk:

mod_ssl: fix ctx passed to ssl_io_filter_error()

Consistently pass the expected bio_filter_in_ctx_t
to ssl_io_filter_error().

Submitted by: ylavic, covener
Reviewed by: covener, ylavic, jim

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1796854 13f79535-47bb-0310-9956-ffa450edef68
CHANGES diff | blob | history
STATUS diff | blob | history
modules/ssl/ssl_engine_io.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.