From: Bill Stoddard Date: Mon, 6 May 2002 17:23:49 +0000 (+0000) Subject: Protect from buffer overflow when populating a HEAP based cache object. X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=6d04eed40982ae64cbab037b007aafcae244a243;p=apache Protect from buffer overflow when populating a HEAP based cache object. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94965 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/modules/experimental/mod_mem_cache.c b/modules/experimental/mod_mem_cache.c index 8259e63f0a..ec81a648d8 100644 --- a/modules/experimental/mod_mem_cache.c +++ b/modules/experimental/mod_mem_cache.c @@ -816,11 +816,16 @@ static apr_status_t write_body(cache_handle_t *h, request_rec *r, apr_bucket_bri if (rv != APR_SUCCESS) { return rv; } - /* XXX Check for overflow */ - if (len ) { - memcpy(cur, s, len); - cur+=len; - obj->count+=len; + if (len) { + /* Check for buffer overflow */ + if ((obj->count + len) > mobj->m_len) { + return APR_ENOMEM; + } + else { + memcpy(cur, s, len); + cur+=len; + obj->count+=len; + } } /* This should not happen, but if it does, we are in BIG trouble * cause we just stomped all over the heap.