authorStefan Bühler <stbuehler@web.de>2013-11-13 11:43:28 +0000
committerStefan Bühler <stbuehler@web.de>2013-11-13 11:43:28 +0000
commitae1335503a8f63489f847668ee37df8470a2ab0a (patch)
treeca6ce0d8a8d12fbe06e73b2eb6ab64b575532bb7
parent6f208cfde145fa392add2fd97cfe3b2152d279b0 (diff)
[stat-cache] FAM: fix use after free (CVE-2013-4560)
From: Stefan Bühler <stbuehler@web.de> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2921 152afb58-edef-0310-8abb-c4023f1b3aa9
-rw-r--r--NEWS1
-rw-r--r--src/stat_cache.c1
2 files changed, 2 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index 2ae97783..065c6289 100644
--- a/NEWS
+++ b/NEWS
@@ -8,6 +8,7 @@ NEWS
* [mod_extforward] fix compilation without IPv6, (not) using undefined var (fixes #2515, thx mm)
* [ssl] fix SNI handling; only use key+cert from SNI specific config (fixes #2525, CVE-2013-4508)
* [doc] update ssl.cipher-list recommendation
+ * [stat-cache] FAM: fix use after free (CVE-2013-4560)
- 1.4.33 - 2013-09-27
* mod_fastcgi: fix mix up of "mode" => "authorizer" in other fastcgi configs (fixes #2465, thx peex)
diff --git a/src/stat_cache.c b/src/stat_cache.c
index e995f3b1..924f4dcf 100644
--- a/src/stat_cache.c
+++ b/src/stat_cache.c
@@ -648,6 +648,7 @@ handler_t stat_cache_get_entry(server *srv, connection *con, buffer *name, stat_
FamErrlist[FAMErrno]);
fam_dir_entry_free(fam_dir);
+ fam_dir = NULL;
} else {
int osize = 0;
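Review bot: The added `fam_dir = NULL;` after `fam_dir_entry_free(fam_dir);` carries the entire use-after-free fix, but nothing on the line says why it is needed, so a later cleanup could drop it as a dead store. I would add a comment such as `/* fam_dir is freed; clear it so code after this branch cannot touch the stale entry */`. The fix is only complete if every later use of fam_dir in stat_cache_get_entry is guarded by a NULL check. Those uses are outside this hunk, as are the start and end of the function, so this should be confirmed against the full function body.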