diff options
author | Stefan Bühler <stbuehler@web.de> | 2013-11-13 11:43:28 +0000 |
---|---|---|
committer | Stefan Bühler <stbuehler@web.de> | 2013-11-13 11:43:28 +0000 |
commit | ae1335503a8f63489f847668ee37df8470a2ab0a (patch) | |
tree | ca6ce0d8a8d12fbe06e73b2eb6ab64b575532bb7 | |
parent | 6f208cfde145fa392add2fd97cfe3b2152d279b0 (diff) | |
download | lighttpd-git-ae1335503a8f63489f847668ee37df8470a2ab0a.tar.gz |
[stat-cache] FAM: fix use after free (CVE-2013-4560)
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2921 152afb58-edef-0310-8abb-c4023f1b3aa9
-rw-r--r-- | NEWS | 1 | ||||
-rw-r--r-- | src/stat_cache.c | 1 |
2 files changed, 2 insertions, 0 deletions
@@ -8,6 +8,7 @@ NEWS * [mod_extforward] fix compilation without IPv6, (not) using undefined var (fixes #2515, thx mm) * [ssl] fix SNI handling; only use key+cert from SNI specific config (fixes #2525, CVE-2013-4508) * [doc] update ssl.cipher-list recommendation + * [stat-cache] FAM: fix use after free (CVE-2013-4560) - 1.4.33 - 2013-09-27 * mod_fastcgi: fix mix up of "mode" => "authorizer" in other fastcgi configs (fixes #2465, thx peex) diff --git a/src/stat_cache.c b/src/stat_cache.c index e995f3b1..924f4dcf 100644 --- a/src/stat_cache.c +++ b/src/stat_cache.c @@ -648,6 +648,7 @@ handler_t stat_cache_get_entry(server *srv, connection *con, buffer *name, stat_ FamErrlist[FAMErrno]); fam_dir_entry_free(fam_dir); + fam_dir = NULL; } else { int osize = 0; |