1
#! /bin/sh /usr/share/dpatch/dpatch-run
3
## DP: Our version of mod_reqtimeout has all fixes from trunk.
4
## DP: Therefore backport the fix for CVE-2010-1623, too.
5
## DP: Upstream commit r1003626.
7
diff --git a/modules/filters/mod_reqtimeout.c b/modules/filters/mod_reqtimeout.c
8
index b0de997..adc4def 100644
9
--- a/modules/filters/mod_reqtimeout.c
10
+++ b/modules/filters/mod_reqtimeout.c
11
@@ -115,6 +115,41 @@ static apr_status_t have_lf_or_eos(apr_bucket_brigade *bb)
12
return APR_INCOMPLETE;
16
+ * Append bbIn to bbOut and merge small buckets, to avoid DoS by high memory
19
+static apr_status_t brigade_append(apr_bucket_brigade *bbOut, apr_bucket_brigade *bbIn)
21
+ while (!APR_BRIGADE_EMPTY(bbIn)) {
22
+ apr_bucket *e = APR_BRIGADE_FIRST(bbIn);
27
+ rv = apr_bucket_read(e, &str, &len, APR_BLOCK_READ);
28
+ if (rv != APR_SUCCESS) {
32
+ APR_BUCKET_REMOVE(e);
33
+ if (APR_BUCKET_IS_METADATA(e) || len > APR_BUCKET_BUFF_SIZE/4) {
34
+ APR_BRIGADE_INSERT_TAIL(bbOut, e);
38
+ rv = apr_brigade_write(bbOut, NULL, NULL, str, len);
39
+ if (rv != APR_SUCCESS) {
40
+ apr_bucket_destroy(e);
44
+ apr_bucket_destroy(e);
51
#define MIN(x,y) ((x) < (y) ? (x) : (y))
52
static apr_status_t reqtimeout_filter(ap_filter_t *f,
53
@@ -217,7 +252,9 @@ static apr_status_t reqtimeout_filter(ap_filter_t *f,
55
ccfg->tmpbb = apr_brigade_create(f->c->pool, f->c->bucket_alloc);
57
- APR_BRIGADE_CONCAT(ccfg->tmpbb, bb);
58
+ rv = brigade_append(ccfg->tmpbb, bb);
59
+ if (rv != APR_SUCCESS)
63
/* ... and wait for more */