#! /bin/sh /usr/share/dpatch/dpatch-run
## 085_CVE-2011-3607.dpatch by Stefan Fritsch <sf@debian.org>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: Fix integer overflow, based on upstream r1198940

@DPATCH@
Index: trunk/server/util.c
===================================================================
--- trunk.orig/server/util.c	2011-12-29 11:48:52.208562162 +0100
+++ trunk/server/util.c	2011-12-29 11:50:13.204564281 +0100
@@ -366,7 +366,7 @@
     char *dest, *dst;
     char c;
     size_t no;
-    int len;
+    apr_size_t len;
 
     if (!source)
         return NULL;
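Review bot: The widened declaration `apr_size_t len;` has no comment explaining why the type matters, so a later cleanup could narrow it back to `int` and reintroduce the overflow. I would write it as `apr_size_t len; /* size of the expanded result; unsigned and full-width so growth can be checked against APR_SIZE_MAX */`. The rest of the function lies outside this hunk. Any place there that passes `len` to an `int` parameter or compares it with a signed value should be rechecked for truncation and sign-compare warnings now that it is unsigned.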
@@ -391,6 +391,8 @@
             len++;
         }
         else if (no < nmatch && pmatch[no].rm_so < pmatch[no].rm_eo) {
+            if (APR_SIZE_MAX - len <= pmatch[no].rm_eo - pmatch[no].rm_so)
+                return NULL;
             len += pmatch[no].rm_eo - pmatch[no].rm_so;
         }
 
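Review bot: The new `return NULL;` under the `APR_SIZE_MAX - len <= ...` check fails silently, so an operator gets no signal that a substitution was rejected for size. A warning-level log line before the return would make this visible, and it is worth comparing against the upstream revision named in the description to see whether logging was dropped on purpose. The guard covers only the backreference branch. The `len++` at the top of this hunk is still unchecked, so if the code outside the hunk allocates `len + 1` bytes (not visible here), a single upper-bound test on `len` just before that allocation would close the remaining gap. A short comment on why the comparison is `<=` rather than `<` would help, as would an explicit `(apr_size_t)` cast on the `rm_eo - rm_so` difference if those fields are signed.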
