author | Christophe Jaillet <jailletc36@apache.org> | 2015-03-13 08:21:10 +0100 |
---|---|---|
committer | Christophe Jaillet <jailletc36@apache.org> | 2015-03-13 08:21:10 +0100 |
commit | 71e93ff17b9464e5bfc275c76190b4efc9640b0c (patch) | |
tree | dd3e2753718b15a4a022fcb29e0c5ab67b54a02e /modules/dav/main/util_lock.c | |
parent | ssl_util: Fix possible crash (free => OPENSSL_free) and error path leaks when (diff) | |
Avoid a potential integer underflow in the lock timeout value sent back to a client. The answer to a LOCK request could be an extremely large integer if the time needed to lock the resource was longer than the requested timeout given in the LOCK request. In such a case, we now answer "Second-0". PR55420
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1666361 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to '')
-rw-r--r-- | modules/dav/main/util_lock.c | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/modules/dav/main/util_lock.c b/modules/dav/main/util_lock.c index 6ff70efbe2..1b3a647982 100644 --- a/modules/dav/main/util_lock.c +++ b/modules/dav/main/util_lock.c @@ -133,8 +133,18 @@ DAV_DECLARE(const char *) dav_lock_get_activelock(request_rec *r, } else { time_t now = time(NULL); - apr_snprintf(tmp, sizeof(tmp), "Second-%lu", (long unsigned int)(lock->timeout - now)); - dav_buffer_append(p, pbuf, tmp); + + /* + ** Check if the timeout is not, for any reason, already elapsed. + ** (e.g., because of a large collection, or disk under heavy load...) + */ + if (now >= lock->timeout) { + dav_buffer_append(p, pbuf, "Second-0"); + } + else { + apr_snprintf(tmp, sizeof(tmp), "Second-%lu", (long unsigned int)(lock->timeout - now)); + dav_buffer_append(p, pbuf, tmp); + } } dav_buffer_append(p, pbuf, |
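Review bot: The new comment above `if (now >= lock->timeout)` says what is checked but not why it matters: without the guard, `lock->timeout - now` goes negative and the `(long unsigned int)` cast turns it into a huge value in the `Second-%lu` output. Stating that in the comment, and dropping the double negative in "is not, for any reason, already elapsed", would make the guard harder to remove by accident later. The two branches could also share one formatting path by computing the remaining seconds first (0 when `now >= lock->timeout`) and calling `apr_snprintf` once, which keeps the cast and the format string in a single place.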