From: Bill Stoddard <stoddard@apache.org>
Date: Mon, 4 Mar 2002 17:13:08 +0000 (+0000)
Subject: Bail on computing the amount of bytes in a brigade if any of the buckets
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=2272922051b3f1525ea9e211ce5bfe217a33f868;p=apache

Bail on computing the amount of bytes in a brigade if any of the buckets
have indeterminate length (e.g., a pipe bucket). Passing an invalid length
into mod_mem_cache can cause it to overflow its cache buffer.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93698 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/modules/experimental/mod_cache.c b/modules/experimental/mod_cache.c
index f7055d51fc..c72b15d531 100644
--- a/modules/experimental/mod_cache.c
+++ b/modules/experimental/mod_cache.c
@@ -578,6 +578,9 @@ static int cache_in_filter(ap_filter_t *f, apr_bucket_brigade *in)
                 if (APR_BUCKET_IS_FLUSH(e)) {
                     continue;
                 }
+                if (e->length < 0) {
+                    break;
+                }
                 size += e->length;
             }