Protect from buffer overflow when populating a HEAP based cache object.
authorBill Stoddard <stoddard@apache.org>
Mon, 6 May 2002 17:23:49 +0000 (17:23 +0000)
committerBill Stoddard <stoddard@apache.org>
Mon, 6 May 2002 17:23:49 +0000 (17:23 +0000)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94965 13f79535-47bb-0310-9956-ffa450edef68

modules/experimental/mod_mem_cache.c

index 8259e63f0ada84d21566f6c6eac22f0028517787..ec81a648d8f4f8a5dedaccd20893998a2c75c292 100644 (file)
@@ -816,11 +816,16 @@ static apr_status_t write_body(cache_handle_t *h, request_rec *r, apr_bucket_bri
         if (rv != APR_SUCCESS) {
             return rv;
         }
-        /* XXX Check for overflow */
-        if (len ) {
-            memcpy(cur, s, len);
-            cur+=len;
-            obj->count+=len;
+        if (len) {
+            /* Check for buffer overflow */
+           if ((obj->count + len) > mobj->m_len) {
+               return APR_ENOMEM;
+           }
+           else {
+               memcpy(cur, s, len);
+               cur+=len;
+               obj->count+=len;
+           }
         }
         /* This should not happen, but if it does, we are in BIG trouble
          * cause we just stomped all over the heap.
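Review bot: The bound check `if ((obj->count + len) > mobj->m_len)` adds the two lengths before comparing, so if both are unsigned size types (their declarations are outside the hunk) a very large `len` could wrap the sum and pass the check. The subtractive form `if (len > mobj->m_len - obj->count)` cannot wrap as long as `obj->count <= mobj->m_len`, which this same check keeps true. The early `return APR_ENOMEM` leaves a partly filled object behind, and the hunk does not show whether the caller discards it, so that is worth confirming. The trailing comment about having "stomped all over the heap" now describes a case the new check is meant to prevent and could be reworded to say so. write_body's body starts and ends outside the hunk.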