* Compare the source buffers usage with the destination buffers size.

  This is just hardening as the code is currently not used.

Submitted by: Elhanan Haenel <elhanan.haenel@gmail.com>
Reviewed by: rpluem

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1932498 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/changes-entries/mod_proxy_ajp_msg_copy.txt b/changes-entries/mod_proxy_ajp_msg_copy.txt
new file mode 100644 (file)
index 0000000..4e0fc88
--- /dev/null
+++ b/changes-entries/mod_proxy_ajp_msg_copy.txt
@@ -0,0 +1,2 @@
+  *) mod_proxy_ajp: Fix a wrong comparison in ajp_msg_copy.
+     [Elhanan Haenel <elhanan.haenel@gmail.com>]

diff --git a/modules/proxy/ajp_msg.c b/modules/proxy/ajp_msg.c
index 3367b5df4aa809236850c8286931468927e2c93e..b5b3f2c07bf7ad222d0feb3e24245459488189c6 100644 (file)
--- a/modules/proxy/ajp_msg.c
+++ b/modules/proxy/ajp_msg.c
@@ -582,7 +582,7 @@ apr_status_t ajp_msg_create(apr_pool_t *pool, apr_size_t size, ajp_msg_t **rmsg)
  */
 apr_status_t ajp_msg_copy(ajp_msg_t *smsg, ajp_msg_t *dmsg)
 {
-    if (smsg->len > smsg->max_size) {
+    if (smsg->len > dmsg->max_size) {
         ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL, APLOGNO(01082)
                      "ajp_msg_copy(): destination buffer too "
                      "small %" APR_SIZE_T_FMT ", max size is %" APR_SIZE_T_FMT,