From d55c3c855bb562b9e1388ab461698794c6dd67c7 Mon Sep 17 00:00:00 2001
From: Justin Erenkrantz <jerenkrantz@apache.org>
Date: Sun, 14 Oct 2001 20:38:04 +0000
Subject: [PATCH] Ensure that ap_http_filter can not be coersced into reading
 more than we think is currently available.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@91462 13f79535-47bb-0310-9956-ffa450edef68
---
 modules/http/http_protocol.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/modules/http/http_protocol.c b/modules/http/http_protocol.c
index a64ae492230..cf1ab764b6d 100644
--- a/modules/http/http_protocol.c
+++ b/modules/http/http_protocol.c
@@ -576,6 +576,12 @@ apr_status_t ap_http_filter(ap_filter_t *f, apr_bucket_brigade *b, ap_input_mode
         }
     }
 
+    /* Ensure that the caller can not go over our boundary point. */
+    if ((ctx->state == BODY_LENGTH || ctx->state == BODY_CHUNK) && 
+        ctx->remaining < *readbytes) {
+        *readbytes = ctx->remaining;
+    }
+
     rv = ap_get_brigade(f->next, b, mode, readbytes);
 
     if (rv != APR_SUCCESS)
-- 
2.47.3