author: wrowe <wrowe@13f79535-47bb-0310-9956-ffa450edef68> 2009-08-04 11:33:49 +0000
committer: wrowe <wrowe@13f79535-47bb-0310-9956-ffa450edef68> 2009-08-04 11:33:49 +0000
commit: ba308b21adc66dbbf7e6dec01f9f87223dd4ea3a (patch)
tree: 02f972306943e2177d9f776569821fcdab769d46 /CHANGES
parent: 31c64529078507be4d198520b754922c81f95f6c (diff)
SECURITY: CVE-2009-2412 (cve.mitre.org)
Fix overflow in pools and rmm, where size alignment was taking place.

Reported by: Matt Lewis <mattlewis@google.com>

memory/unix/apr_pools.c
(allocator_alloc, apr_palloc): Check for overflow after aligning size.
(apr_pcalloc): Drop aligning of size; clearing what the caller asked for should suffice.

Submitted by: Matt Lewis <mattlewis@google.com>, Sander Striker

Backports: 800730

git-svn-id: http://svn.apache.org/repos/asf/apr/apr/branches/1.4.x@800731 13f79535-47bb-0310-9956-ffa450edef68
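
The check the commit message describes (align the requested size, then reject the result if it came out smaller than the request) can be shown in isolation. This is an added example, not APR's code: the `ex_` names, the 8-byte boundary and the use of `malloc` are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define EX_BOUNDARY ((size_t)8)  /* assumed alignment boundary */

/* Round up to the boundary; wraps to a small value near SIZE_MAX. */
static size_t ex_align_unchecked(size_t size)
{
    return (size + (EX_BOUNDARY - 1)) & ~(EX_BOUNDARY - 1);
}

/* Align, then reject the result if it is smaller than the request. */
static int ex_align_checked(size_t in_size, size_t *out)
{
    size_t size = ex_align_unchecked(in_size);
    if (size < in_size)
        return -1;              /* addition wrapped around */
    *out = size;
    return 0;
}

/* Allocate the aligned size, or fail when alignment overflowed. */
static void *ex_alloc(size_t in_size)
{
    size_t size;
    if (ex_align_checked(in_size, &size) != 0)
        return NULL;
    return malloc(size);
}

/* Zeroing variant: clear only the bytes the caller asked for. */
static void *ex_calloc(size_t in_size)
{
    void *mem = ex_alloc(in_size);
    if (mem != NULL)
        memset(mem, 0, in_size);
    return mem;
}

int main(void)
{
    size_t huge = SIZE_MAX - 2;  /* constructed sample request */
    printf("unchecked: %zu\n", ex_align_unchecked(huge));
    printf("checked alloc: %p\n", ex_alloc(huge));
    free(ex_calloc(24));
    return 0;
}
```

Without the comparison, a request within seven bytes of `SIZE_MAX` aligns to zero, so the allocator would hand back a block far smaller than the caller believes it has.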
Diffstat (limited to 'CHANGES')
-rw-r--r-- CHANGES 4
1 files changed, 4 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index 7b6bf88fa..92440aad9 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,10 @@
-*- coding: utf-8 -*-
Changes for APR 1.4.0
+ *) SECURITY: CVE-2009-2412 (cve.mitre.org)
+ Fix overflow in pools and rmm, where size alignment was taking place.
+ [Matt Lewis <mattlewis@google.com>, Sander Striker]
+
*) Pass default environment to testflock, testoc and testpipe children,
so that tests run when APR is compiled with Intel C Compiler.
[Bojan Smojver]
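
Review bot: The added entry under "Changes for APR 1.4.0" says only "Fix overflow in pools and rmm", which does not tell a reader upgrading from an older release which calls are affected. The commit message names allocator_alloc, apr_palloc and apr_pcalloc and states that the overflow is checked after aligning the size; carrying that into the entry (for example "Fix overflow of the aligned size in the allocator, apr_palloc and rmm") would make the advisory line usable on its own. The commit message's file list also covers only memory/unix/apr_pools.c while the entry credits an rmm fix; this view is limited to CHANGES, so confirm the rmm change is part of the same commit or adjust the wording.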