diff options
author | jerenkrantz <jerenkrantz@13f79535-47bb-0310-9956-ffa450edef68> | 2003-05-28 04:39:42 +0000 |
---|---|---|
committer | jerenkrantz <jerenkrantz@13f79535-47bb-0310-9956-ffa450edef68> | 2003-05-28 04:39:42 +0000 |
commit | ca6809f67e9a53a1dfb980e61cff77526608b4b4 (patch) | |
tree | 9e1c45f378deb1615eaffed1eb7fb507bfb84cec /memory/unix/apr_pools.c | |
parent | 220c6e4ea2e1c9b1d02fd9e974f204d384b96e53 (diff) | |
download | libapr-ca6809f67e9a53a1dfb980e61cff77526608b4b4.tar.gz |
Fixed a bug that could be triggered remotely through mod_dav and possibly other
mechanisms, causing an Apache child process to crash. The crash was first
reported by David Endler <DEndler@iDefense.com> and was researched and fixed by
Joe Orton <jorton@redhat.com>. Details will be released on 30 May 2003.
CVE: CAN-2003-0245
Reported by: David Endler <DEndler@iDefense.com>
Submitted by: Joe Orton <jorton@redhat.com>
Reviewed by: Justin, Jim, Jeff
git-svn-id: http://svn.apache.org/repos/asf/apr/apr/trunk@64511 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'memory/unix/apr_pools.c')
-rw-r--r-- | memory/unix/apr_pools.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/memory/unix/apr_pools.c b/memory/unix/apr_pools.c index 22dad218f..de4fbbf1a 100644 --- a/memory/unix/apr_pools.c +++ b/memory/unix/apr_pools.c @@ -976,7 +976,7 @@ static int psprintf_flush(apr_vformatter_buff_t *vbuff) if (ps->got_a_new_node) { active->next = ps->free; - ps->free = node; + ps->free = active; } ps->got_a_new_node = 1; |