Skip to content
Commit 8399ea9e authored by Joe Orton's avatar Joe Orton
Browse files

Merge r790587 from trunk:

Security fix for CVE-2009-1890:

* modules/proxy/mod_proxy_http.c (stream_reqbody_cl): Specify the base
  passed to apr_strtoff, and validate the Content-Length in the same
  way the HTTP_IN filter does.  If the number of bytes streamed
  exceeds the expected body length, bail out of the loop.

Submitted by: niq, jorton
Reviewed by: rpluem, jim, jorton


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@790914 13f79535-47bb-0310-9956-ffa450edef68
parent ceaf889b
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment