From 2272922051b3f1525ea9e211ce5bfe217a33f868 Mon Sep 17 00:00:00 2001
From: Bill Stoddard <stoddard@apache.org>
Date: Mon, 4 Mar 2002 17:13:08 +0000
Subject: [PATCH] Bail on computing the amount of bytes in a brigade if any of
 the buckets have indeterminate length (e.g., a pipe bucket). Passing an
 invalid length into mod_mem_cache can cause it to overflow its cache buffer.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93698 13f79535-47bb-0310-9956-ffa450edef68
---
 modules/experimental/mod_cache.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/modules/experimental/mod_cache.c b/modules/experimental/mod_cache.c
index f7055d51fc9..c72b15d531d 100644
--- a/modules/experimental/mod_cache.c
+++ b/modules/experimental/mod_cache.c
@@ -578,6 +578,9 @@ static int cache_in_filter(ap_filter_t *f, apr_bucket_brigade *in)
                 if (APR_BUCKET_IS_FLUSH(e)) {
                     continue;
                 }
+                if (e->length < 0) {
+                    break;
+                }
                 size += e->length;
             }
 
-- 
2.47.3