From 1d851178756bbd674f9f2de6dd2e8bcdc5ee1b57 Mon Sep 17 00:00:00 2001
From: Joe Orton
Date: Wed, 24 Jun 2020 07:32:36 +0000
Subject: [PATCH] * modules/generators/mod_cgid.c (get_req): Add basic sanity checking for the structure received in the CGI daemon.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1879136 13f79535-47bb-0310-9956-ffa450edef68
---
 modules/generators/mod_cgid.c | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/modules/generators/mod_cgid.c b/modules/generators/mod_cgid.c
index 3cde6992159..699d7059f9d 100644
--- a/modules/generators/mod_cgid.c
+++ b/modules/generators/mod_cgid.c
@@ -516,6 +516,14 @@ static apr_status_t get_req(int fd, request_rec *r, char **argv0, char ***env,
 return APR_SUCCESS;
 }
+ /* Sanity check the structure received. */
+ if (req->env_count < 0 || req->uri_len == 0
+ || req->filename_len > APR_PATH_MAX || req->filename_len == 0
+ || req->argv0_len > APR_PATH_MAX || req->argv0_len == 0
+ || req->loglevel > APLOG_TRACE8) {
+ return APR_EINVAL;
+ }
+
 /* handle module indexes and such */
 rconf = (void **)ap_create_request_config(r->pool);
--
2.47.3
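Review bot: The sanity check added to get_req() bounds `filename_len` and `argv0_len` on both sides but gives `env_count` and `uri_len` only a lower bound and `loglevel` only an upper bound, so an oversized count or length, or a negative log level if that field is signed, still passes. Whatever is sized or indexed from those fields happens after the hunk and is not visible here, so the impact is inferred; since the check exists to distrust the structure received over `fd`, each field later used as a size or index should be limited in both directions. Consider adding `|| req->loglevel < 0` and a cap such as `|| req->env_count > MAX_ENV_COUNT` (placeholder name, limit to be chosen by the project), with a matching cap on `uri_len`. A one-line comment stating which peer writes this structure and why `APR_PATH_MAX` is the chosen limit would also help later readers judge the check.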