* modules/generators/mod_cgid.c (get_req): Add basic sanity

  checking for the structure received in the CGI daemon.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1879136 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/modules/generators/mod_cgid.c b/modules/generators/mod_cgid.c
index 3cde6992159e6f4ca477c0aedae0b1ebb68b924f..699d7059f9d26e5b3a7df02127aa445c93391e81 100644 (file)
--- a/modules/generators/mod_cgid.c
+++ b/modules/generators/mod_cgid.c
@@ -516,6 +516,14 @@ static apr_status_t get_req(int fd, request_rec *r, char **argv0, char ***env,
         return APR_SUCCESS;
     }
 
+    /* Sanity check the structure received. */
+    if (req->env_count < 0 || req->uri_len == 0
+        || req->filename_len > APR_PATH_MAX || req->filename_len == 0
+        || req->argv0_len > APR_PATH_MAX || req->argv0_len == 0
+        || req->loglevel > APLOG_TRACE8) {
+        return APR_EINVAL;
+    }
+    
     /* handle module indexes and such */
     rconf = (void **)ap_create_request_config(r->pool);