From: Jim Jagielski <jim@apache.org>
Date: Wed, 29 Mar 2006 17:59:14 +0000 (+0000)
Subject: Limit environment size to FastCGI to FCGI_MAX_ENV_SIZE
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=865db434eece283452fe1c6b7a7cab761ce3da2d;p=thirdparty%2Fapache%2Fhttpd.git

Limit environment size to FastCGI to FCGI_MAX_ENV_SIZE
(which is currently 65535)


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/fcgi-proxy-dev@389847 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/modules/proxy/fcgi_protocol.h b/modules/proxy/fcgi_protocol.h
index da466a635aa..34e6714dd96 100644
--- a/modules/proxy/fcgi_protocol.h
+++ b/modules/proxy/fcgi_protocol.h
@@ -95,6 +95,13 @@ typedef struct {
     unsigned char reserved[5];
 } fcgi_begin_request_body;
 
+/*
+ * Maximum size of the allowed environment.
+ */
+#define FCGI_MAX_ENV_SIZE  65535
+
+/* #define FCGI_DUMP_ENV_VARS */
+
 
 #endif /* FCGI_PROTOCOL_H */
 /** @} */
diff --git a/modules/proxy/mod_proxy_fcgi.c b/modules/proxy/mod_proxy_fcgi.c
index 0ea4c7674df..7c89aa0adcd 100644
--- a/modules/proxy/mod_proxy_fcgi.c
+++ b/modules/proxy/mod_proxy_fcgi.c
@@ -211,19 +211,18 @@ static apr_status_t send_environment(proxy_conn_rec *conn, request_rec *r,
     struct iovec vec[2];
     fcgi_header header;
     unsigned char farray[FCGI_HEADER_LEN];
-    apr_size_t bodylen;
+    apr_size_t bodylen, envlen;
     char *body, *itr;
     apr_status_t rv;
     apr_size_t len;
-    int i;
+    int i, numenv;
 
     ap_add_common_vars(r);
     ap_add_cgi_vars(r);
 
     /* XXX are there any FastCGI specific env vars we need to send? */
 
-    /* XXX What if there is over 64k worth of data in the env? */
-    bodylen = 0;
+    bodylen = envlen = 0;
 
     /* XXX mod_cgi/mod_cgid use ap_create_environment here, which fills in
      *     the TZ value specially.  We could use that, but it would mean
@@ -245,13 +244,13 @@ static apr_status_t send_environment(proxy_conn_rec *conn, request_rec *r,
         keylen = strlen(elts[i].key);
 
         if (keylen >> 7 == 0) {
-            bodylen += 1;
+            envlen += 1;
         }
         else {
-            bodylen += 4;
+            envlen += 4;
         }
 
-        bodylen += keylen;
+        envlen += keylen;
 
         vallen = strlen(elts[i].val);
 
@@ -262,20 +261,31 @@ static apr_status_t send_environment(proxy_conn_rec *conn, request_rec *r,
 #endif
 
         if (vallen >> 7 == 0) {
-            bodylen += 1;
+            envlen += 1;
         }
         else {
-            bodylen += 4;
+            envlen += 4;
         }
 
-        bodylen += vallen;
+        envlen += vallen;
+
+        if (envlen > FCGI_MAX_ENV_SIZE) {
+            ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
+                          "proxy: FCGI: truncating environment to %d bytes and %d elements",
+                          (int)bodylen, i);
+            break;
+        }
+
+        bodylen = envlen;
     }
 
+    numenv = i;
+
     body = apr_pcalloc(r->pool, bodylen);
 
     itr = body;
 
-    for (i = 0; i < envarr->nelts; ++i) {
+    for (i = 0; i < numenv; ++i) {
         apr_size_t keylen, vallen;
        
         if (! elts[i].key) {