From: Jim Jagielski <jim@apache.org>
Date: Tue, 3 Jan 2006 18:05:54 +0000 (+0000)
Subject: Garret has a good point... even though we are sending the whole
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8a1d921e23c9ace3a483851efb195a0de2ef9f55;p=thirdparty%2Fapache%2Fhttpd.git

Garret has a good point... even though we are sending the whole
struct, and assuming that it's following the correct format,
we should be extra careful when rec'ing the header info, and
ensure that each byte is followed one after another.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/fcgi-proxy-dev@365698 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/modules/proxy/mod_proxy_fcgi.c b/modules/proxy/mod_proxy_fcgi.c
index f05a08485a1..f18833061f2 100644
--- a/modules/proxy/mod_proxy_fcgi.c
+++ b/modules/proxy/mod_proxy_fcgi.c
@@ -410,14 +410,21 @@ static apr_status_t dispatch(proxy_conn_rec *conn, request_rec *r,
             int rid, type = 0;
             char plen = 0;
             apr_bucket *b;
-            fcgi_header rheader;
-
+            /*
+             * below mapped to fcgi_header layout. We
+             * use a unsigned char array to ensure the
+             * shifts are correct and avoid any potential
+             * internal padding when using structs.
+             */
+            unsigned char fheader[FCGI_HEADER_LEN];
+
+            memset(fheader, 0, FCGI_HEADER_LEN);
             memset(readbuf, 0, sizeof(readbuf));
 
             /* First, we grab the header... */
             readbuflen = FCGI_HEADER_LEN;
 
-            rv = apr_socket_recv(conn->sock, (char *)&rheader, &readbuflen);
+            rv = apr_socket_recv(conn->sock, fheader, &readbuflen);
             if (rv != APR_SUCCESS) {
                 break;
             }
@@ -429,7 +436,7 @@ static apr_status_t dispatch(proxy_conn_rec *conn, request_rec *r,
                 break;
             }
 
-            if (rheader.version != FCGI_VERSION) {
+            if (fheader[0] != FCGI_VERSION) {
                 ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
                              "proxy: FCGI: Got bogus version %d",
                              (int) readbuf[0]);
@@ -437,10 +444,10 @@ static apr_status_t dispatch(proxy_conn_rec *conn, request_rec *r,
                 break;
             }
 
-            type = rheader.type;
+            type = fheader[1];
 
-            rid |= rheader.requestIdB1 << 8;
-            rid |= rheader.requestIdB0 << 0;
+            rid |= fheader[2] << 8;
+            rid |= fheader[3] << 0;
 
             if (rid != request_id) {
                 ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
@@ -452,10 +459,10 @@ static apr_status_t dispatch(proxy_conn_rec *conn, request_rec *r,
 #endif
             }
 
-            clen |= rheader.contentLengthB1 << 8;
-            clen |= rheader.contentLengthB0 << 0;
+            clen |= fheader[4] << 8;
+            clen |= fheader[5] << 0;
 
-            plen = rheader.paddingLength;
+            plen = fheader[6];
 
 recv_again:
             if (clen > sizeof(readbuf) - 1) {