You are viewing a plain text version of this content. The canonical link for it is here.

Posted to cvs@httpd.apache.org by jo...@apache.org on 2020/06/24 07:32:36 UTC

svn commit: r1879136 - /httpd/httpd/trunk/modules/generators/mod_cgid.c

Author: jorton
Date: Wed Jun 24 07:32:36 2020
New Revision: 1879136

URL: http://svn.apache.org/viewvc?rev=1879136&view=rev
Log:
* modules/generators/mod_cgid.c (get_req): Add basic sanity
  checking for the structure received in the CGI daemon.

Modified:
    httpd/httpd/trunk/modules/generators/mod_cgid.c

Modified: httpd/httpd/trunk/modules/generators/mod_cgid.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_cgid.c?rev=1879136&r1=1879135&r2=1879136&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/generators/mod_cgid.c (original)
+++ httpd/httpd/trunk/modules/generators/mod_cgid.c Wed Jun 24 07:32:36 2020
@@ -516,6 +516,14 @@ static apr_status_t get_req(int fd, requ
         return APR_SUCCESS;
     }
 
+    /* Sanity check the structure received. */
+    if (req->env_count < 0 || req->uri_len == 0
+        || req->filename_len > APR_PATH_MAX || req->filename_len == 0
+        || req->argv0_len > APR_PATH_MAX || req->argv0_len == 0
+        || req->loglevel > APLOG_TRACE8) {
+        return APR_EINVAL;
+    }
+    
     /* handle module indexes and such */
     rconf = (void **)ap_create_request_config(r->pool);