You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by st...@apache.org on 2002/03/04 18:13:08 UTC
cvs commit: httpd-2.0/modules/experimental mod_cache.c
stoddard 02/03/04 09:13:08
Modified: modules/experimental mod_cache.c
Log:
Bail on computing the amount of bytes in a brigade if any of the buckets
have indeterminate length (e.g., a pipe bucket). Passing an invalid length
into mod_mem_cache can cause it to overflow its cache buffer.
Revision Changes Path
1.31 +3 -0 httpd-2.0/modules/experimental/mod_cache.c
Index: mod_cache.c
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/experimental/mod_cache.c,v
retrieving revision 1.30
retrieving revision 1.31
diff -u -r1.30 -r1.31
--- mod_cache.c 23 Feb 2002 19:44:31 -0000 1.30
+++ mod_cache.c 4 Mar 2002 17:13:08 -0000 1.31
@@ -578,6 +578,9 @@
if (APR_BUCKET_IS_FLUSH(e)) {
continue;
}
+ if (e->length < 0) {
+ break;
+ }
size += e->length;
}