Ensure that ap_http_filter can not be coersced into reading more than we

author Justin Erenkrantz <jerenkrantz@apache.org>

Sun, 14 Oct 2001 20:38:04 +0000 (20:38 +0000)

committer Justin Erenkrantz <jerenkrantz@apache.org>

Sun, 14 Oct 2001 20:38:04 +0000 (20:38 +0000)
author Justin Erenkrantz <jerenkrantz@apache.org>
Sun, 14 Oct 2001 20:38:04 +0000 (20:38 +0000)
committer Justin Erenkrantz <jerenkrantz@apache.org>
Sun, 14 Oct 2001 20:38:04 +0000 (20:38 +0000)
diff --git a/modules/http/http_protocol.c b/modules/http/http_protocol.c

index a64ae49223052276d9822afe1aacd381744bcc8e..cf1ab764b6d4d27b9f71999dfc79c61d3e87fb39 100644 (file)
--- a/modules/http/http_protocol.c
+++ b/modules/http/http_protocol.c
@@ -576,6 +576,12 @@ apr_status_t ap_http_filter(ap_filter_t *f, apr_bucket_brigade *b, ap_input_mode
          }
      }
  
+    /* Ensure that the caller can not go over our boundary point. */
+    if ((ctx->state == BODY_LENGTH || ctx->state == BODY_CHUNK) && 
+        ctx->remaining < *readbytes) {
+        *readbytes = ctx->remaining;
+    }
+
      rv = ap_get_brigade(f->next, b, mode, readbytes);
  
      if (rv != APR_SUCCESS)
author	Justin Erenkrantz <jerenkrantz@apache.org>
	Sun, 14 Oct 2001 20:38:04 +0000 (20:38 +0000)
committer	Justin Erenkrantz <jerenkrantz@apache.org>
	Sun, 14 Oct 2001 20:38:04 +0000 (20:38 +0000)