Browse Source

[stat-cache] FAM: fix use after free (CVE-2013-4560)

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2921 152afb58-edef-0310-8abb-c4023f1b3aa9
svn/tags/lighttpd-1.4.34
Stefan Bühler 8 years ago
parent
commit
ae1335503a
  1. 1
      NEWS
  2. 1
      src/stat_cache.c

1
NEWS

@ -8,6 +8,7 @@ NEWS
* [mod_extforward] fix compilation without IPv6, (not) using undefined var (fixes #2515, thx mm)
* [ssl] fix SNI handling; only use key+cert from SNI specific config (fixes #2525, CVE-2013-4508)
* [doc] update ssl.cipher-list recommendation
* [stat-cache] FAM: fix use after free (CVE-2013-4560)
- 1.4.33 - 2013-09-27
* mod_fastcgi: fix mix up of "mode" => "authorizer" in other fastcgi configs (fixes #2465, thx peex)

1
src/stat_cache.c

@ -648,6 +648,7 @@ handler_t stat_cache_get_entry(server *srv, connection *con, buffer *name, stat_
FamErrlist[FAMErrno]);
fam_dir_entry_free(fam_dir);
fam_dir = NULL;
} else {
int osize = 0;

Loading…
Cancel
Save