From: Jeff Trawick Date: Fri, 30 Sep 2005 16:34:25 +0000 (+0000) Subject: SECURITY: CAN-2005-2970 (cve.mitre.org) X-Git-Tag: 2.3.0~2926 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=a7559098045a7ceacf8c2c56645b2fb43764fb48;p=apache SECURITY: CAN-2005-2970 (cve.mitre.org) worker MPM: Fix a memory leak which can occur after an aborted connection in some limited circumstances. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@292809 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index 2b2e4818c7..9a63420def 100644 --- a/CHANGES +++ b/CHANGES @@ -2,6 +2,10 @@ Changes with Apache 2.3.0 [Remove entries to the current 2.0 and 2.2 section below, when backported] + *) SECURITY: CAN-2005-2970 (cve.mitre.org) + worker MPM: Fix a memory leak which can occur after an aborted + connection in some limited circumstances. [Greg Ames, Jeff Trawick] + *) Move mod_dbd to /modules/database/ (Nick Kew) *) Move mod_filter and mod_charset_lite to /modules/filters/ (Nick Kew) diff --git a/server/mpm/worker/worker.c b/server/mpm/worker/worker.c index 4594e67c3e..53db4b24f2 100644 --- a/server/mpm/worker/worker.c +++ b/server/mpm/worker/worker.c @@ -724,6 +724,7 @@ static void *listener_thread(apr_thread_t *thd, void * dummy) } else { ptrans = recycled_pool; + recycled_pool = NULL; } apr_pool_tag(ptrans, "transaction"); rv = lr->accept_func(&csd, lr, ptrans); @@ -760,11 +761,15 @@ static void *listener_thread(apr_thread_t *thd, void * dummy) apr_socket_close(csd); ap_log_error(APLOG_MARK, APLOG_CRIT, rv, ap_server_conf, "ap_queue_push failed"); + recycled_pool = ptrans; } else { have_idle_worker = 0; } } + else { + recycled_pool = ptrans; + } } else { if ((rv = SAFE_ACCEPT(apr_proc_mutex_unlock(accept_mutex)))