From ae1335503a8f63489f847668ee37df8470a2ab0a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Stefan=20B=C3=BChler?=
Date: Wed, 13 Nov 2013 11:43:28 +0000
Subject: [PATCH] [stat-cache] FAM: fix use after free (CVE-2013-4560)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
From: Stefan Bühler
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2921 152afb58-edef-0310-8abb-c4023f1b3aa9
---
 NEWS | 1 +
 src/stat_cache.c | 1 +
 2 files changed, 2 insertions(+)
diff --git a/NEWS b/NEWS
index 2ae97783..065c6289 100644
--- a/NEWS
+++ b/NEWS
@@ -8,6 +8,7 @@ NEWS
 * [mod_extforward] fix compilation without IPv6, (not) using undefined var (fixes #2515, thx mm)
 * [ssl] fix SNI handling; only use key+cert from SNI specific config (fixes #2525, CVE-2013-4508)
 * [doc] update ssl.cipher-list recommendation
+ * [stat-cache] FAM: fix use after free (CVE-2013-4560)
 - 1.4.33 - 2013-09-27
 * mod_fastcgi: fix mix up of "mode" => "authorizer" in other fastcgi configs (fixes #2465, thx peex)
diff --git a/src/stat_cache.c b/src/stat_cache.c
index e995f3b1..924f4dcf 100644
--- a/src/stat_cache.c
+++ b/src/stat_cache.c
@@ -648,6 +648,7 @@ handler_t stat_cache_get_entry(server *srv, connection *con, buffer *name, stat_
 FamErrlist[FAMErrno]);
 fam_dir_entry_free(fam_dir);
+ fam_dir = NULL;
 } else {
 int osize = 0;
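Review bot: The added `fam_dir = NULL;` after `fam_dir_entry_free(fam_dir);` closes the use-after-free only if every later read of `fam_dir` in `stat_cache_get_entry` is guarded by a NULL test. That code lies outside this hunk, so the guard should be confirmed rather than assumed. A one-line comment on the new assignment would record the intent for the next maintainer, for example `/* freed above: clear so later code cannot touch the stale entry */`. The function's body starts and ends outside the hunk.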