From: Bill Stoddard <stoddard@apache.org>
Date: Mon, 4 Mar 2002 17:13:08 +0000 (+0000)
Subject: Bail on computing the amount of bytes in a brigade if any of the buckets
X-Git-Tag: 2.0.33~32
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=564612dcb8d11300dfa571b83be2ad203c790808;p=thirdparty%2Fapache%2Fhttpd.git

Bail on computing the amount of bytes in a brigade if any of the buckets
have indeterminate length (e.g., a pipe bucket). Passing an invalid length
into mod_mem_cache can cause it to overflow its cache buffer.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93698 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/modules/experimental/mod_cache.c b/modules/experimental/mod_cache.c
index f7055d51fc9..c72b15d531d 100644
--- a/modules/experimental/mod_cache.c
+++ b/modules/experimental/mod_cache.c
@@ -578,6 +578,9 @@ static int cache_in_filter(ap_filter_t *f, apr_bucket_brigade *in)
                 if (APR_BUCKET_IS_FLUSH(e)) {
                     continue;
                 }
+                if (e->length < 0) {
+                    break;
+                }
                 size += e->length;
             }