added some extra protection to make sure key-len and val-len don't

overrun


git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@1984 152afb58-edef-0310-8abb-c4023f1b3aa9
svn/tags/lighttpd-1.4.18
Jan Kneschke 2007-09-05 11:28:35 +00:00
parent 34b3ee0228
commit eaed2f1e50
1 changed files with 8 additions and 0 deletions

View File

@ -1578,6 +1578,14 @@ static int fcgi_env_add(buffer *env, const char *key, size_t key_len, const char
return -1;
}
/**
* field length can be 31bit max
*
* HINT: this can't happen as FCGI_MAX_LENGTH is only 16bit
*/
if (key_len > 0x7fffffff) key_len = 0x7fffffff;
if (val_len > 0x7fffffff) val_len = 0x7fffffff;
buffer_prepare_append(env, len);
if (key_len > 127) {