Commit e1e2c633 authored by Justin Erenkrantz's avatar Justin Erenkrantz
Browse files

Ensure that ap_http_filter can not be coersced into reading more than we 

think is currently available.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@91462 13f79535-47bb-0310-9956-ffa450edef68
parent 11bbbb4c

modules/http/http_protocol.c

+6 −0
Original line number Diff line number Diff line
@@ -576,6 +576,12 @@ apr_status_t ap_http_filter(ap_filter_t *f, apr_bucket_brigade *b, ap_input_mode 
        }

    }



    /* Ensure that the caller can not go over our boundary point. */

    if ((ctx->state == BODY_LENGTH || ctx->state == BODY_CHUNK) && 

        ctx->remaining < *readbytes) {

        *readbytes = ctx->remaining;

    }



    rv = ap_get_brigade(f->next, b, mode, readbytes);



    if (rv != APR_SUCCESS)