From: Yann Ylavic Date: Thu, 23 Jul 2020 14:09:50 +0000 (+0000) Subject: mod_proxy_uwsgi: Error out on HTTP header larger than 16K X-Git-Tag: 2.5.0-alpha2-ci-test-only~1256 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fb08e475bf322f081665fa6f9d9e346136df9337;p=thirdparty%2Fapache%2Fhttpd.git mod_proxy_uwsgi: Error out on HTTP header larger than 16K The uwsgi protocol does not let us serialize more than 16K of HTTP header, so fail early with 500 if it happens. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1880205 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index bbd6d1ec64e..87fbed97867 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,9 @@ -*- coding: utf-8 -*- Changes with Apache 2.5.1 + *) mod_proxy_uwsgi: Error out on HTTP header larger than 16K (hard + protocol limit). [Yann Ylavic] + *) mod_dav: Some DAV extensions, like CalDAV, specify both document elements and property elements that need to be taken into account when generating a property. The document element and property element diff --git a/modules/proxy/mod_proxy_uwsgi.c b/modules/proxy/mod_proxy_uwsgi.c index 87f82a1d4d2..3df6ad2475c 100644 --- a/modules/proxy/mod_proxy_uwsgi.c +++ b/modules/proxy/mod_proxy_uwsgi.c @@ -136,7 +136,7 @@ static int uwsgi_send_headers(request_rec *r, proxy_conn_rec * conn) int j; apr_size_t headerlen = 4; - apr_uint16_t pktsize, keylen, vallen; + apr_size_t pktsize, keylen, vallen; const char *script_name; const char *path_info; const char *auth; @@ -178,6 +178,15 @@ static int uwsgi_send_headers(request_rec *r, proxy_conn_rec * conn) headerlen += 2 + strlen(env[j].key) + 2 + (env[j].val ? strlen(env[j].val) : 0); } + pktsize = headerlen - 4; + if (pktsize > APR_UINT16_MAX) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO() + "can't send headers to %s:%u: packet size too " + "large (%" APR_SIZE_T_FMT ")", + conn->hostname, conn->port, pktsize); + return HTTP_INTERNAL_SERVER_ERROR; + } + ptr = buf = apr_palloc(r->pool, headerlen); ptr += 4; @@ -198,8 +207,6 @@ static int uwsgi_send_headers(request_rec *r, proxy_conn_rec * conn) ptr += vallen; } - pktsize = headerlen - 4; - buf[0] = 0; buf[1] = (apr_byte_t) (pktsize & 0xff); buf[2] = (apr_byte_t) ((pktsize >> 8) & 0xff);