summaryrefslogtreecommitdiff
path: root/memory/unix/apr_pools.c
diff options
context:
space:
mode:
authorjerenkrantz <jerenkrantz@13f79535-47bb-0310-9956-ffa450edef68>2003-05-28 04:39:42 +0000
committerjerenkrantz <jerenkrantz@13f79535-47bb-0310-9956-ffa450edef68>2003-05-28 04:39:42 +0000
commitca6809f67e9a53a1dfb980e61cff77526608b4b4 (patch)
tree9e1c45f378deb1615eaffed1eb7fb507bfb84cec /memory/unix/apr_pools.c
parent220c6e4ea2e1c9b1d02fd9e974f204d384b96e53 (diff)
downloadlibapr-ca6809f67e9a53a1dfb980e61cff77526608b4b4.tar.gz
Fixed a bug that could be triggered remotely through mod_dav and possibly other
mechanisms, causing an Apache child process to crash. The crash was first reported by David Endler <DEndler@iDefense.com> and was researched and fixed by Joe Orton <jorton@redhat.com>. Details will be released on 30 May 2003. CVE: CAN-2003-0245 Reported by: David Endler <DEndler@iDefense.com> Submitted by: Joe Orton <jorton@redhat.com> Reviewed by: Justin, Jim, Jeff git-svn-id: http://svn.apache.org/repos/asf/apr/apr/trunk@64511 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'memory/unix/apr_pools.c')
-rw-r--r--memory/unix/apr_pools.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/memory/unix/apr_pools.c b/memory/unix/apr_pools.c
index 22dad218f..de4fbbf1a 100644
--- a/memory/unix/apr_pools.c
+++ b/memory/unix/apr_pools.c
@@ -976,7 +976,7 @@ static int psprintf_flush(apr_vformatter_buff_t *vbuff)
if (ps->got_a_new_node) {
active->next = ps->free;
- ps->free = node;
+ ps->free = active;
}
ps->got_a_new_node = 1;