Commit 4685944e authored by Joe Orton's avatar Joe Orton
Browse files

Security fix for CVE-2009-1890:

* modules/proxy/mod_proxy_http.c (stream_reqbody_cl): Specify the base
  passed to apr_strtoff, and validate the Content-Length in the same
  way the HTTP_IN filter does.  If the number of bytes streamed
  exceeds the expected body length, bail out of the loop.

Submitted by: niq, jorton


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@790587 13f79535-47bb-0310-9956-ffa450edef68
parent 0480b452
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment