From: Bill Stoddard <stoddard@apache.org>
Date: Mon, 6 May 2002 17:23:49 +0000 (+0000)
Subject: Protect from buffer overflow when populating a HEAP based cache object.
X-Git-Tag: 2.0.37~483
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=3f40d729ebd14f89f6a13248c6fad8463cbc6b6b;p=apache

Protect from buffer overflow when populating a HEAP based cache object.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94965 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/modules/experimental/mod_mem_cache.c b/modules/experimental/mod_mem_cache.c
index 8259e63f0a..ec81a648d8 100644
--- a/modules/experimental/mod_mem_cache.c
+++ b/modules/experimental/mod_mem_cache.c
@@ -816,11 +816,16 @@ static apr_status_t write_body(cache_handle_t *h, request_rec *r, apr_bucket_bri
         if (rv != APR_SUCCESS) {
             return rv;
         }
-        /* XXX Check for overflow */
-        if (len ) {
-            memcpy(cur, s, len);
-            cur+=len;
-            obj->count+=len;
+        if (len) {
+            /* Check for buffer overflow */
+           if ((obj->count + len) > mobj->m_len) {
+               return APR_ENOMEM;
+           }
+           else {
+               memcpy(cur, s, len);
+               cur+=len;
+               obj->count+=len;
+           }
         }
         /* This should not happen, but if it does, we are in BIG trouble
          * cause we just stomped all over the heap.