SECURITY (CVE-2012-0031): Fix possible crash on shutdown if a child
changes the sb_type field in the scoreboard. Since unprivileged
children should not be able to affect the parent in this way, this is
treated as a Low severity security issue.
Thanks to "halfdog" <me halfdog.net> for reporting this issue.
* server/scoreboard.c (ap_cleanup_scoreboard, ap_create_scoreboard):
Use a static global to store an authoritative copy of the scoreboard
type.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1230069 13f79535-47bb-0310-9956-ffa450edef68
-*- coding: utf-8 -*-
Changes with Apache 2.4.0
+ *) SECURITY (CVE-2012-0031): Fix scoreboard issue which could allow
+ an unprivileged child process could cause the parent to crash at
+ shutdown rather than terminate cleanly. [Joe Orton]
+
*) mod_ssl: Fix compilation with xlc on AIX. PR 52394. [Stefan Fritsch]
*) mod_log_config: Fix segfault when trying to log a nameless, valueless
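Review bot: The added CHANGES entry has a doubled verb: "could allow an unprivileged child process could cause the parent to crash" does not parse. Suggest "Fix scoreboard issue which could allow an unprivileged child process to cause the parent to crash at shutdown rather than terminate cleanly."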
AP_DECLARE_DATA scoreboard *ap_scoreboard_image = NULL;
AP_DECLARE_DATA const char *ap_scoreboard_fname = NULL;
+static ap_scoreboard_e scoreboard_type;
const char * ap_set_scoreboard(cmd_parms *cmd, void *dummy,
const char *arg)
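Review bot: The added `static ap_scoreboard_e scoreboard_type;` carries no comment saying why it duplicates `global->sb_type`. A short comment stating that this is the parent's private, authoritative copy, and that the value stored in the scoreboard itself must not be trusted because children can change it, would stop a later cleanup from merging the two again.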
if (ap_scoreboard_image == NULL) {
return APR_SUCCESS;
}
- if (ap_scoreboard_image->global->sb_type == SB_SHARED) {
+ if (scoreboard_type == SB_SHARED) {
ap_cleanup_shared_mem(NULL);
}
else {
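Review bot: The changed test `if (scoreboard_type == SB_SHARED)` depends on the static having been assigned, which only happens in the ap_create_scoreboard hunk; until then a file-scope static is zero. The guard above it checks only `ap_scoreboard_image == NULL`, and that pointer is exported via AP_DECLARE_DATA, so please confirm that a non-NULL image always implies the assignment has run, or give the static an explicit initializer so the branch taken here is well defined.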
ap_init_scoreboard(sb_mem);
}
- ap_scoreboard_image->global->sb_type = sb_type;
+ ap_scoreboard_image->global->sb_type = scoreboard_type = sb_type;
ap_scoreboard_image->global->running_generation = 0;
ap_scoreboard_image->global->restart_time = apr_time_now();
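Review bot: The chained assignment `ap_scoreboard_image->global->sb_type = scoreboard_type = sb_type;` hides the security-relevant store in the middle of the statement. Two separate assignments, with `scoreboard_type = sb_type;` first, would read more clearly. Since the field in the scoreboard is still written here, it remains available to other readers; any other parent-side code that consults `global->sb_type` should be switched to the private copy as well.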