[mod_ajp13] fix crash with bad response headers (fixes #3170)

fix crash with bad response headers from AJP13 backend

(thx Michał Dardas)

x-ref:
  "mod_ajp13 read heap buffer overflow"
  https://redmine.lighttpd.net/issues/3170
master
Glenn Strauss 6 months ago
parent 6524a2fb6f
commit 0b49e767b9

@ -812,6 +812,12 @@ ajp13_recv_parse_loop (request_st * const r, handler_ctx * const hctx)
switch(ptr[4]) {
case AJP13_SEND_HEADERS:
if (0 == r->resp_body_started) {
if (plen < 3) {
log_error(errh, __FILE__, __LINE__,
"AJP13: headers packet received with invalid length");
return HANDLER_FINISHED;
}
buffer *hdrs = hctx->response;
if (NULL == hdrs) {
hdrs = r->tmp_buf;

Loading…
Cancel
Save