From 42bcf81be8dc9f51682e62bb71a6a98d4a511426 Mon Sep 17 00:00:00 2001
From: Jeff Trawick <trawick@apache.org>
Date: Tue, 15 Jul 2014 11:15:26 +0000
Subject: [PATCH] SECURITY (CVE-2014-3523): Fix a memory consumption denial of
 service in the WinNT MPM used in all Windows installations. Workaround:
 AcceptFilter <protocol> {none|connect}

Submitted by: trawick
Reviewed by: jorton, covener, jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1610652 13f79535-47bb-0310-9956-ffa450edef68
---
 server/mpm/winnt/child.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/server/mpm/winnt/child.c b/server/mpm/winnt/child.c
index a769a9e659..34aa1080db 100644
--- a/server/mpm/winnt/child.c
+++ b/server/mpm/winnt/child.c
@@ -601,8 +601,12 @@ reinit: /* target of data or connect upon too many AcceptEx failures */
                 b->length = BytesRead;
                 context->overlapped.Pointer = b;
             }
-            else
+            else {
+                if (accf == 2) {
+                    apr_bucket_free(buf);
+                }
                 context->overlapped.Pointer = NULL;
+            }
         }
         else /* (accf = 0)  e.g. 'none' */
         {
-- 
2.40.0