Security fix for CVE-2009-1890:

* modules/proxy/mod_proxy_http.c (stream_reqbody_cl): Specify the base
  passed to apr_strtoff, and validate the Content-Length in the same
  way the HTTP_IN filter does.  If the number of bytes streamed
  exceeds the expected body length, bail out of the loop.

Submitted by: niq, jorton


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@790587 13f79535-47bb-0310-9956-ffa450edef68