Commit adb3011f authored by Madhusudan Mathihalli's avatar Madhusudan Mathihalli
Browse files

Fix SEGV in 'shmcb' session cache: 

When a 'read' or 'write' to session cache is done, we need to check the size
of the data being 'read' or 'written' to avoid buffer over-run.

PR: 27751
Submitted by: Geoff Thorpe
Reviewed by: Madhusudan Mathihalli


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@103669 13f79535-47bb-0310-9956-ffa450edef68
parent 3547116a

ssl_scache_shmcb.c

+8 −0
Original line number Diff line number Diff line
@@ -840,6 +840,10 @@ static void shmcb_cyclic_ntoc_memcpy( 
    unsigned int dest_offset,

    unsigned char *src, unsigned int src_len)

{

    /* Cover the case that src_len > buf_size */

    if (src_len > buf_size)

        src_len = buf_size;



    /* Can it be copied all in one go? */

    if (dest_offset + src_len < buf_size)

        /* yes */
@@ -863,6 +867,10 @@ static void shmcb_cyclic_cton_memcpy( 
    unsigned int src_offset,

    unsigned int src_len)

{

    /* Cover the case that src_len > buf_size */

    if (src_len > buf_size)

        src_len = buf_size;



    /* Can it be copied all in one go? */

    if (src_offset + src_len < buf_size)

        /* yes */