diff options
| author | Yann Ylavic <ylavic@apache.org> | 2020-07-23 16:09:50 +0200 |
|---|---|---|
| committer | Yann Ylavic <ylavic@apache.org> | 2020-07-23 16:09:50 +0200 |
| commit | fb08e475bf322f081665fa6f9d9e346136df9337 (patch) | |
| tree | 4a499f6303081ae42aa49066e2f6960cda9ac9ed /modules/proxy/mod_proxy_uwsgi.c | |
| parent | mod_proxy_http: follow up to r1879419. (diff) | |
| download | apache2-fb08e475bf322f081665fa6f9d9e346136df9337.tar.xz apache2-fb08e475bf322f081665fa6f9d9e346136df9337.zip | |
mod_proxy_uwsgi: Error out on HTTP header larger than 16K
The uwsgi protocol does not let us serialize more than 16K of HTTP header,
so fail early with 500 if it happens.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1880205 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'modules/proxy/mod_proxy_uwsgi.c')
| -rw-r--r-- | modules/proxy/mod_proxy_uwsgi.c | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/modules/proxy/mod_proxy_uwsgi.c b/modules/proxy/mod_proxy_uwsgi.c index 87f82a1d4d..3df6ad2475 100644 --- a/modules/proxy/mod_proxy_uwsgi.c +++ b/modules/proxy/mod_proxy_uwsgi.c @@ -136,7 +136,7 @@ static int uwsgi_send_headers(request_rec *r, proxy_conn_rec * conn) int j; apr_size_t headerlen = 4; - apr_uint16_t pktsize, keylen, vallen; + apr_size_t pktsize, keylen, vallen; const char *script_name; const char *path_info; const char *auth; @@ -178,6 +178,15 @@ static int uwsgi_send_headers(request_rec *r, proxy_conn_rec * conn) headerlen += 2 + strlen(env[j].key) + 2 + (env[j].val ? strlen(env[j].val) : 0); } + pktsize = headerlen - 4; + if (pktsize > APR_UINT16_MAX) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO() + "can't send headers to %s:%u: packet size too " + "large (%" APR_SIZE_T_FMT ")", + conn->hostname, conn->port, pktsize); + return HTTP_INTERNAL_SERVER_ERROR; + } + ptr = buf = apr_palloc(r->pool, headerlen); ptr += 4; @@ -198,8 +207,6 @@ static int uwsgi_send_headers(request_rec *r, proxy_conn_rec * conn) ptr += vallen; } - pktsize = headerlen - 4; - buf[0] = 0; buf[1] = (apr_byte_t) (pktsize & 0xff); buf[2] = (apr_byte_t) ((pktsize >> 8) & 0xff); |