Commit 06653fdb authored by Graham Leggett's avatar Graham Leggett
Browse files

A client POST request would be read entirely into RAM before sending it 

on the client - a potential DoS. Fixed.
PR:
Obtained from:
Reviewed by:


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@88799 13f79535-47bb-0310-9956-ffa450edef68
parent e81d8564

modules/proxy/proxy_http.c

+4 −6
Original line number Diff line number Diff line
@@ -558,16 +558,14 @@ int ap_proxy_http_handler(request_rec *r, char *url, 
    /* send the request data, if any. */

    if (ap_should_client_block(r)) {

	while ((i = ap_get_client_block(r, buffer, sizeof buffer)) > 0) {

/* XXX FIXME: Only sends downstream when request is fully loaded */

            e = apr_bucket_pool_create(buffer, i, p);

            APR_BRIGADE_INSERT_TAIL(bb, e);

        }

    }



    /* Flush the data to the origin server */

	    e = apr_bucket_flush_create();

	    APR_BRIGADE_INSERT_TAIL(bb, e);

	    ap_pass_brigade(origin->output_filters, bb);

	    apr_brigade_cleanup(bb);

        }

    }





    /*