From a38bd025fc6d55a0cc471aec6b54d79592bbc45c Mon Sep 17 00:00:00 2001
From: Greg Ames <gregames@apache.org>
Date: Thu, 27 Mar 2003 20:34:56 +0000
Subject: [PATCH] ap_rgetline_core: set the number of bytes read & copied into
 the caller's buffer when returning APR_ENOSPC.  This prevents seg faults in
 ap_get_mime_headers_core in an error path which handles headers that are too
 long.

Submitted by:	Jeff Trawick


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@99079 13f79535-47bb-0310-9956-ffa450edef68
---
 server/protocol.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/server/protocol.c b/server/protocol.c
index e23ad88ac1..839279ad62 100644
--- a/server/protocol.c
+++ b/server/protocol.c
@@ -290,6 +290,7 @@ AP_DECLARE(apr_status_t) ap_rgetline_core(char **s, apr_size_t n,
 
         /* Would this overrun our buffer?  If so, we'll die. */
         if (n < bytes_handled + len) {
+            *read = bytes_handled;
             return APR_ENOSPC;
         }
 
@@ -390,6 +391,7 @@ AP_DECLARE(apr_status_t) ap_rgetline_core(char **s, apr_size_t n,
             last_char = *s + bytes_handled - 1;
         }
         else {
+            *read = n;
             return APR_ENOSPC;
         }
     }
@@ -519,6 +521,7 @@ AP_DECLARE(apr_status_t) ap_rgetline_core(char **s, apr_size_t n,
                 return APR_SUCCESS;
             }
             else {
+                *read = n;
                 return APR_ENOSPC;
             }
         }