Browse Source

fixed FastCGI header overrun in mod_fastcgi

(reported by mattias@secweb.se)


git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@1983 152afb58-edef-0310-8abb-c4023f1b3aa9
svn/tags/lighttpd-1.4.18
Jan Kneschke 14 years ago
parent
commit
34b3ee0228
  1. 1
      NEWS
  2. 9
      src/mod_fastcgi.c

1
NEWS

@ -6,6 +6,7 @@ NEWS
- 1.4.18 -
* fixed compile error on IRIX 6.5.x on prctl() (#1333)
* fixed forwarding a SIGINT and SIGHUP when using max-workers (#902)
* fixed FastCGI header overrun in mod_fastcgi (reported by mattias@secweb.se)
- 1.4.17 - 2007-08-29

9
src/mod_fastcgi.c

@ -1571,6 +1571,13 @@ static int fcgi_env_add(buffer *env, const char *key, size_t key_len, const char
len += key_len > 127 ? 4 : 1;
len += val_len > 127 ? 4 : 1;
if (env->used + len >= FCGI_MAX_LENGTH) {
/**
* we can't append more headers, ignore it
*/
return -1;
}
buffer_prepare_append(env, len);
if (key_len > 127) {
@ -1600,6 +1607,8 @@ static int fcgi_env_add(buffer *env, const char *key, size_t key_len, const char
}
static int fcgi_header(FCGI_Header * header, unsigned char type, size_t request_id, int contentLength, unsigned char paddingLength) {
assert(contentLength <= FCGI_MAX_LENGTH);
header->version = FCGI_VERSION_1;
header->type = type;
header->requestIdB0 = request_id & 0xff;

Loading…
Cancel
Save