Fix a segfault in ap_http_filter(). I hit the segfault while

discarding the body of a request, but it could affect other paths.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@87684 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index 4ea958992a556637f81f211460f9a072988a55ed..9d5fdafa517ea6e85504f1876b5d1298dbd652ec 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,5 +1,9 @@
 Changes with Apache 2.0b1
 
+  *) Fix a segfault in ap_http_filter().  I hit the segfault while 
+     discarding the body of a request, but it could affect other paths.
+     [Jeff Trawick]
+
   *) Some adjustment on the handling and automatic setting (via
      hints.m4) of various compilation flags (eg: CFLAGS). Also,
      add the capability to specify flags (NOTEST_CFLAGS and

diff --git a/modules/http/http_protocol.c b/modules/http/http_protocol.c
index 668b4d07a35a427e45b7dd6be92675bd4f4a76ee..159717817bb8454ec5bd137fe38d822821df0590 100644 (file)
--- a/modules/http/http_protocol.c
+++ b/modules/http/http_protocol.c
@@ -1015,6 +1015,7 @@ apr_status_t ap_http_filter(ap_filter_t *f, ap_bucket_brigade *b, ap_input_mode_
     if (f->c->remain) {
         e = AP_BRIGADE_FIRST(ctx->b);
         while (e != AP_BRIGADE_SENTINEL(ctx->b)) {
+            ap_bucket *old;
             const char *ignore;
 
             if ((rv = ap_bucket_read(e, &ignore, &len, mode)) != APR_SUCCESS) {
@@ -1037,11 +1038,11 @@ apr_status_t ap_http_filter(ap_filter_t *f, ap_bucket_brigade *b, ap_input_mode_
                 AP_BRIGADE_INSERT_TAIL(b, e);
                 break; /* once we've gotten some data, deliver it to caller */
             }
-            else {
-                AP_BUCKET_REMOVE(e);
-                ap_bucket_destroy(e);
-            }
+
+            old = e;
             e = AP_BUCKET_NEXT(e);
+            AP_BUCKET_REMOVE(old);
+            ap_bucket_destroy(old);
         }
         if (f->c->remain == 0) {
             ap_bucket *eos = ap_bucket_create_eos();