SECURITY: CVE-2010-1623 (cve.mitre.org)
Fix a denial of service attack against apr_brigade_split_line().

Fixed by: Stefan Fritsch

--- buckets/apr_brigade.c.orig	2009-05-21 18:12:50.000000000 -0400
+++ buckets/apr_brigade.c	2010-10-04 12:52:03.000000000 -0400
@@ -301,7 +301,18 @@
             return APR_SUCCESS;
         }
         APR_BUCKET_REMOVE(e);
-        APR_BRIGADE_INSERT_TAIL(bbOut, e);
+        if (APR_BUCKET_IS_METADATA(e) || len > APR_BUCKET_BUFF_SIZE/4) {
+            APR_BRIGADE_INSERT_TAIL(bbOut, e);
+        }
+        else {
+            if (len > 0) {
+                rv = apr_brigade_write(bbOut, NULL, NULL, str, len);
+                if (rv != APR_SUCCESS) {
+                    return rv;
+                }
+            }
+            apr_bucket_destroy(e);
+        }
         readbytes += len;
         /* We didn't find an APR_ASCII_LF within the maximum line length. */
         if (readbytes >= maxbytes) {