/[Apache-SVN]

Revision 790587


Author: jorton
Date: Thu Jul 2 13:41:18 2009 UTC (14 years ago)
Changed paths: 2
Log Message:
Security fix for CVE-2009-1890:

* modules/proxy/mod_proxy_http.c (stream_reqbody_cl): Specify the base
  passed to apr_strtoff, and validate the Content-Length in the same
  way the HTTP_IN filter does.  If the number of bytes streamed
  exceeds the expected body length, bail out of the loop.

Thanks to: Toadie <toadie643 gmail.com> for reporting and diagnosis of
	this issue.
Submitted by: niq, jorton
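
The two checks the log message describes, as an added example (not the committed patch and not httpd code): a strict base-10 Content-Length parse, and a streaming loop that bails out when the client supplies more bytes than it declared. Assumptions: standard C strtoll stands in for apr_strtoff, the function names are hypothetical, the chunk sizes are constructed sample input, and this sketch stops before forwarding the excess chunk.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Strict decimal parse: digits only, no sign or leading space, no trailing
 * bytes, no overflow. Returns 0 and stores the value, or -1 to reject. */
int parse_content_length(const char *s, long long *out)
{
    char *end;
    long long v;
    if (s == NULL || *s < '0' || *s > '9')   /* rejects "", "-1", "+5", " 5" */
        return -1;
    errno = 0;
    v = strtoll(s, &end, 10);   /* explicit base: "010" is ten, "0x10" stops at 'x' */
    if (errno == ERANGE || *end != '\0')
        return -1;
    *out = v;
    return 0;
}

/* len[] stands in for the sizes of successive reads from the client.
 * Returns 0 only if exactly cl bytes were forwarded; -1 if the body is
 * longer or shorter than declared. *sent receives the bytes forwarded. */
int stream_body(const size_t *len, size_t n, long long cl, long long *sent)
{
    size_t i;
    *sent = 0;
    if (cl < 0)
        return -1;
    for (i = 0; i < n; i++) {
        /* Chunk would run past the declared length: bail out of the loop. */
        if (len[i] > (unsigned long long)(cl - *sent))
            return -1;
        *sent += (long long)len[i];   /* the chunk would be forwarded here */
    }
    return *sent == cl ? 0 : -1;
}

int main(void)
{
    static const size_t chunks[] = { 4, 6, 5 };   /* constructed: 15 bytes sent */
    long long cl, sent;
    int rc;
    if (parse_content_length("10", &cl) != 0)
        return 1;
    rc = stream_body(chunks, 3, cl, &sent);
    printf("rc=%d sent=%lld\n", rc, sent);
    return 0;
}
```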


Changed paths

Path                                                Details
httpd/httpd/trunk/CHANGES                           modified, text changed
httpd/httpd/trunk/modules/proxy/mod_proxy_http.c    modified, text changed
