Checkout
Joe Orton
committed
on 14 Jul 14
SECURITY (CVE-2014-0226): Fix a race condition in scoreboard handling,
which could lead to a heap buffer overflow. Thanks to Marek Kroemeke… Show more
SECURITY (CVE-2014-0226): Fix a race condition in scoreboard handling,

which could lead to a heap buffer overflow.  Thanks to Marek Kroemeke

working with HP's Zero Day Initiative for reporting this.

* include/scoreboard.h: Add ap_copy_scoreboard_worker.

* server/scoreboard.c (ap_copy_scoreboard_worker): New function.

* modules/generators/mod_status.c (status_handler): Use it.

* modules/lua/lua_request.c (lua_ap_scoreboard_worker): Likewise.

Reviewed by: trawick, jorton, covener, jim

Submitted by: jorton, covener

Show less