apr-util (1.3.9+dfsg-5) 016_CVE-2010-1623.dpatch

Summary

 buckets/apr_brigade.c |   14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

    

Patch contents

#! /bin/sh /usr/share/dpatch/dpatch-run
# Fix memory consumption when receiving lots of small packages
# CVE-2010-1623
@DPATCH@
diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' lenny-apr-util~/buckets/apr_brigade.c lenny-apr-util/buckets/apr_brigade.c
--- lenny-apr-util~/buckets/apr_brigade.c	2010-09-30 17:10:50.094743227 +0200
+++ lenny-apr-util/buckets/apr_brigade.c	2010-09-30 17:11:48.178286666 +0200
@@ -326,7 +326,19 @@
             return APR_SUCCESS;
         }
         APR_BUCKET_REMOVE(e);
-        APR_BRIGADE_INSERT_TAIL(bbOut, e);
+        if (APR_BUCKET_IS_METADATA(e) || len > APR_BUCKET_BUFF_SIZE/4) {
+            APR_BRIGADE_INSERT_TAIL(bbOut, e);
+        }
+        else {
+            if (len > 0) {
+                rv = apr_brigade_write(bbOut, NULL, NULL, str, len);
+                if (rv != APR_SUCCESS) {
+                    apr_bucket_destroy(e);
+                    return rv;
+                }
+            }
+            apr_bucket_destroy(e);
+        }
         readbytes += len;
         /* We didn't find an APR_ASCII_LF within the maximum line length. */
         if (readbytes >= maxbytes) {
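Review bot: The `len > APR_BUCKET_BUFF_SIZE/4` test at the top of the added block has no comment saying why small data buckets are copied into bbOut instead of being moved, and the threshold reads as a magic number. Going by the patch header (memory consumption, CVE-2010-1623), the copy presumably exists so that a long run of tiny buckets cannot each keep its own bucket structure and backing allocation alive in bbOut. A comment above the `if`, such as `/* Coalesce small data buckets into bbOut's buffer so per-bucket overhead cannot grow without bound (CVE-2010-1623) */`, would keep a later cleanup from reverting it. On the `rv != APR_SUCCESS` path, e has already been removed from its brigade and is then destroyed, so its bytes end up in neither brigade; the function's documentation should say that callers must treat both brigades as incomplete after an error. The enclosing function begins and ends outside this hunk, so how `str` and `len` are obtained is not visible here.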