# SECURITY: CVE-2010-0425 (cve.mitre.org)
# 
# mod_isapi: Do not unload an isapi .dll module until the request
# processing is completed, avoiding orphaned callback pointers.
# 
# Submitted by: Brett Gervasoni <brettg senseofsecurity.com>, trawick
# Reviewed by: trawick, wrowe
# Backports: r917870

Modified: httpd/httpd/branches/2.2.x/modules/arch/win32/mod_isapi.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/arch/win32/mod_isapi.c?rev=917871&r1=917870&r2=917871&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/modules/arch/win32/mod_isapi.c (original)
+++ httpd/httpd/branches/2.2.x/modules/arch/win32/mod_isapi.c Tue Mar  2 04:30:53 2010
@@ -1503,7 +1503,6 @@
     /* Set up client input */
     res = ap_setup_client_block(r, REQUEST_CHUNKED_ERROR);
     if (res) {
-        isapi_unload(isa, 0);
         return res;
     }
 
@@ -1534,7 +1533,6 @@
         }
 
         if (res < 0) {
-            isapi_unload(isa, 0);
             return HTTP_INTERNAL_SERVER_ERROR;
         }