/[Apache-SVN]
ViewVC logotype

Revision 1796854

Jump to revision: Previous Next
Author: jim
Date: Tue May 30 12:26:05 2017 UTC (6 years, 1 month ago)
Changed paths: 4
Log Message: 
SECURITY: CVE-2017-3169 (cve.mitre.org)
mod_ssl may dereference a NULL pointer when third-party modules call
ap_hook_process_connection() during an HTTP request to an HTTPS port.

Merge r1796343 from trunk:

mod_ssl: fix ctx passed to ssl_io_filter_error()

Consistently pass the expected bio_filter_in_ctx_t
to ssl_io_filter_error(). 

Submitted by: ylavic, covener
Reviewed by: covener, ylavic, jim

Changed paths

Path Details
Directoryhttpd/httpd/branches/2.4.x/ modified , props changed
Directoryhttpd/httpd/branches/2.4.x/CHANGES modified , text changed
Directoryhttpd/httpd/branches/2.4.x/STATUS modified , text changed
Directoryhttpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_io.c modified , text changed
infrastructure at apache.org
 ViewVC Help
Powered by ViewVC 1.1.26