diff options
author | wrowe <wrowe@13f79535-47bb-0310-9956-ffa450edef68> | 2009-08-04 11:33:49 +0000 |
---|---|---|
committer | wrowe <wrowe@13f79535-47bb-0310-9956-ffa450edef68> | 2009-08-04 11:33:49 +0000 |
commit | ba308b21adc66dbbf7e6dec01f9f87223dd4ea3a (patch) | |
tree | 02f972306943e2177d9f776569821fcdab769d46 /CHANGES | |
parent | 31c64529078507be4d198520b754922c81f95f6c (diff) | |
download | libapr-ba308b21adc66dbbf7e6dec01f9f87223dd4ea3a.tar.gz |
SECURITY: CVE-2009-2412 (cve.mitre.org)
Fix overflow in pools and rmm, where size alignment was taking place.
Reported by: Matt Lewis <mattlewis@google.com>
memory/unix/apr_pools.c
(allocator_alloc, apr_palloc): Check for overflow after aligning size.
(apr_pcalloc): Drop aligning of size; clearing what the caller asked for should suffice.
Submitted by: Matt Lewis <mattlewis@google.com>, Sander Striker
Backports: 800730
git-svn-id: http://svn.apache.org/repos/asf/apr/apr/branches/1.4.x@800731 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 4 |
1 files changed, 4 insertions, 0 deletions
@@ -1,6 +1,10 @@ -*- coding: utf-8 -*- Changes for APR 1.4.0 + *) SECURITY: CVE-2009-2412 (cve.mitre.org) + Fix overflow in pools and rmm, where size alignment was taking place. + [Matt Lewis <mattlewis@google.com>, Sander Striker] + *) Pass default environment to testflock, testoc and testpipe children, so that tests run when APR is compiled with Intel C Compiler. [Bojan Smojver] |