From: Jim Jagielski Date: Tue, 10 Aug 2010 19:08:27 +0000 (+0000) Subject: Merge r683280 from trunk: X-Git-Tag: 2.2.17~92 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f57f06bf696b33cfda023fc5e90e6019ec3c2b7d;p=thirdparty%2Fapache%2Fhttpd.git Merge r683280 from trunk: * modules/ssl/ssl_engine_io.c (char_buffer_read): Use memmove in place of memcpy since the buffers can overlap; add explanatory comment. PR: 45444 Submitted by: jorton Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@984169 13f79535-47bb-0310-9956-ffa450edef68
---
diff --git a/STATUS b/STATUS
index 89e850f8dbe..d46b459f498 100644
--- a/STATUS
+++ b/STATUS
@@ -87,12 +87,6 @@ RELEASE SHOWSTOPPERS:
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
 [ start all new proposals below, under PATCHES PROPOSED. ]
- * mod_ssl: use memmove instead of memcpy for overlapping buffers
- PR 45444
- Trunk patch: http://svn.apache.org/viewvc?view=revision&revision=683280
- 2.2 patch: trunk patch works with offset
- +1: sf, rpluem, trawick, jim
-
 * core: (re)-introduce -T commandline option to suppress documentroot check at startup PR 41887
diff --git a/modules/ssl/ssl_engine_io.c b/modules/ssl/ssl_engine_io.c
index d26a0c2b9c4..9f5d2832042 100644
--- a/modules/ssl/ssl_engine_io.c
+++ b/modules/ssl/ssl_engine_io.c
@@ -344,6 +344,13 @@ typedef struct {
 * this char_buffer api might seem silly, but we don't need to copy
 * any of this data and we need to remember the length.
 */
+
+/* Copy up to INL bytes from the char_buffer BUFFER into IN. Note
+ * that due to the strange way this API is designed/used, the
+ * char_buffer object is used to cache a segment of inctx->buffer, and
+ * then this function called to copy (part of) that segment to the
+ * beginning of inctx->buffer. So the segments to copy cannot be
+ * presumed to be non-overlapping, and memmove must be used. */
 static int char_buffer_read(char_buffer_t *buffer, char *in, int inl)
 {
 if (!buffer->length) {
@@ -352,13 +359,13 @@ static int char_buffer_read(char_buffer_t *buffer, char *in, int inl)
 if (buffer->length > inl) {
 /* we have have enough to fill the caller's buffer */
- memcpy(in, buffer->value, inl);
+ memmove(in, buffer->value, inl);
 buffer->value += inl;
 buffer->length -= inl;
 }
 else {
 /* swallow remainder of the buffer */
- memcpy(in, buffer->value, buffer->length);
+ memmove(in, buffer->value, buffer->length);
 inl = buffer->length;
 buffer->value = NULL;
 buffer->length = 0;
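Review bot: Both memmove() calls in the second hunk take their length from an `int` (`inl` in the first branch, `buffer->length` in the second), so a negative `inl` would satisfy `buffer->length > inl` and reach memmove() converted to a very large `size_t`; switching from memcpy makes the overlapping copy well defined but leaves the length unchecked. Whether any caller can pass a negative or otherwise unvalidated length is not visible here, so a cheap guard near the existing `if (!buffer->length)` test is worth adding, for example `if (inl <= 0) { return 0; }`. The new header comment could also state that `in` must have room for at least `inl` bytes, since the function has no way to verify it. The body of char_buffer_read continues past the end of this hunk, so the return path is not covered by this note.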