From: Justin Erenkrantz Date: Sun, 14 Oct 2001 20:38:04 +0000 (+0000) Subject: Ensure that ap_http_filter can not be coersced into reading more than we X-Git-Tag: 2.0.26~18 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=d55c3c855bb562b9e1388ab461698794c6dd67c7;p=apache Ensure that ap_http_filter can not be coersced into reading more than we think is currently available. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@91462 13f79535-47bb-0310-9956-ffa450edef68
---
diff --git a/modules/http/http_protocol.c b/modules/http/http_protocol.c
index a64ae49223..cf1ab764b6 100644
--- a/modules/http/http_protocol.c
+++ b/modules/http/http_protocol.c
@@ -576,6 +576,12 @@ apr_status_t ap_http_filter(ap_filter_t *f, apr_bucket_brigade *b, ap_input_mode
 }
 }
+ /* Ensure that the caller can not go over our boundary point. */
+ if ((ctx->state == BODY_LENGTH || ctx->state == BODY_CHUNK) &&
+ ctx->remaining < *readbytes) {
+ *readbytes = ctx->remaining;
+ }
+
 rv = ap_get_brigade(f->next, b, mode, readbytes);
 if (rv != APR_SUCCESS)
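Review bot: The added clamp before `ap_get_brigade` only bounds a positive request that exceeds the remaining body, because the test `ctx->remaining < *readbytes` does not handle the edge values of either operand. The declarations are outside the hunk, but if `*readbytes` is signed and callers may pass zero or a negative value with a special meaning, such a request skips the clamp entirely. Separately, when `ctx->remaining` is 0 the clamp sets `*readbytes` to 0 and the filter still calls `ap_get_brigade` on `f->next` with that length. I would make both cases explicit inside the same state test, for example `if (*readbytes <= 0 || ctx->remaining < *readbytes) { *readbytes = ctx->remaining; }`, and handle `ctx->remaining == 0` before the call, with a comment stating what a zero length means to the next filter. The body of ap_http_filter starts and ends outside the hunk, so an earlier check may already cover part of this.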