VladPolskiy/apache-http-server
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-08-03 16:33:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

* modules/generators/mod_cgid.c (get_req): Add basic sanity

Browse Source 
checking for the structure received in the CGI daemon.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1879136 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Joe Orton
2020-06-24 07:32:36 +00:00
parent 279af56a53
commit 1d85117875
1 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
modules/generators/mod_cgid.c
View File

@ -516,6 +516,14 @@ static apr_status_t get_req(int fd, request_rec *r, char **argv0, char ***env,
return APR_SUCCESS; return APR_SUCCESS;
} }
/* Sanity check the structure received. */
if (req->env_count < 0 || req->uri_len == 0
|| req->filename_len > APR_PATH_MAX || req->filename_len == 0
|| req->argv0_len > APR_PATH_MAX || req->argv0_len == 0
|| req->loglevel > APLOG_TRACE8) {
return APR_EINVAL;
}
/* handle module indexes and such */ /* handle module indexes and such */
rconf = (void **)ap_create_request_config(r->pool); rconf = (void **)ap_create_request_config(r->pool);