From 6179630e0fb64c4d35e06743cfc84f02dfdf1517 Mon Sep 17 00:00:00 2001
From: Willy Tarreau <w@1wt.eu>
Date: Sun, 6 Dec 2009 18:16:59 +0100
Subject: [PATCH] [BUG] check_post: limit analysis to the buffer length

If "balance url_param XXX check_post" is used, we must bound the
number of bytes analysed to the buffer's length.
(cherry picked from commit dc8017ced6a8ec699a50a409f3c8ce5928ea70fa)
---
 src/backend.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/backend.c b/src/backend.c
index cd2b54fd8..54b55a747 100644
--- a/src/backend.c
+++ b/src/backend.c
@@ -1248,6 +1248,9 @@ struct server *get_server_ph_post(struct session *s)
 		len = chunk;
 	}
 
+	if (len > req->l - body)
+		len = req->l - body;
+
 	p = params;
 
 	while (len > plen) {