From dc8017ced6a8ec699a50a409f3c8ce5928ea70fa Mon Sep 17 00:00:00 2001
From: Willy Tarreau <w@1wt.eu>
Date: Sun, 6 Dec 2009 18:16:59 +0100
Subject: [PATCH] [BUG] check_post: limit analysis to the buffer length

If "balance url_param XXX check_post" is used, we must bound the
number of bytes analysed to the buffer's length.
---
 src/backend.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/backend.c b/src/backend.c
index f4e6110f97..70201ce2c9 100644
--- a/src/backend.c
+++ b/src/backend.c
@@ -289,6 +289,9 @@ struct server *get_server_ph_post(struct session *s)
 		len = chunk;
 	}
 
+	if (len > req->l - body)
+		len = req->l - body;
+
 	p = params;
 
 	while (len > plen) {
-- 
2.47.3