You are viewing a plain text version of this content. The canonical link for it is here.

Posted to cvs@httpd.apache.org by st...@apache.org on 2002/03/04 18:13:08 UTC

cvs commit: httpd-2.0/modules/experimental mod_cache.c

stoddard    02/03/04 09:13:08

  Modified:    modules/experimental mod_cache.c
  Log:
  Bail on computing the amount of bytes in a brigade if any of the buckets
  have indeterminate length (e.g., a pipe bucket). Passing an invalid length
  into mod_mem_cache can cause it to overflow its cache buffer.
  
  Revision  Changes    Path
  1.31      +3 -0      httpd-2.0/modules/experimental/mod_cache.c
  
  Index: mod_cache.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/experimental/mod_cache.c,v
  retrieving revision 1.30
  retrieving revision 1.31
  diff -u -r1.30 -r1.31
  --- mod_cache.c	23 Feb 2002 19:44:31 -0000	1.30
  +++ mod_cache.c	4 Mar 2002 17:13:08 -0000	1.31
  @@ -578,6 +578,9 @@
                   if (APR_BUCKET_IS_FLUSH(e)) {
                       continue;
                   }
  +                if (e->length < 0) {
  +                    break;
  +                }
                   size += e->length;
               }