added some extra protection to make sure key-len and val-len don't

overrun git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@1984 152afb58-edef-0310-8abb-c4023f1b3aa9
15 years ago · eaed2f1e50
1 changed files with 8 additions and 0 deletions
--- a/src/mod_fastcgi.c
+++ b/src/mod_fastcgi.c
@ -1578,6 +1578,14 @@ static int fcgi_env_add(buffer *env, const char *key, size_t key_len, const char
 		return -1;
 	}

+	/**
+	 * field length can be 31bit max
+	 *
+	 * HINT: this can't happen as FCGI_MAX_LENGTH is only 16bit
+	 */
+	if (key_len > 0x7fffffff) key_len = 0x7fffffff;
+	if (val_len > 0x7fffffff) val_len = 0x7fffffff;
+
 	buffer_prepare_append(env, len);

 	if (key_len > 127) {