From eaed2f1e501bfa04710bcb823d749220fdd3e720 Mon Sep 17 00:00:00 2001
From: Jan Kneschke
Date: Wed, 5 Sep 2007 11:28:35 +0000
Subject: [PATCH] added some extra protection to make sure key-len and val-len don't overrun

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@1984 152afb58-edef-0310-8abb-c4023f1b3aa9
---
 src/mod_fastcgi.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/mod_fastcgi.c b/src/mod_fastcgi.c
index e4e114bb..2b1f4245 100644
--- a/src/mod_fastcgi.c
+++ b/src/mod_fastcgi.c
@@ -1578,6 +1578,14 @@ static int fcgi_env_add(buffer *env, const char *key, size_t key_len, const char
 return -1;
 }
 
+ /**
+ * field length can be 31bit max
+ *
+ * HINT: this can't happen as FCGI_MAX_LENGTH is only 16bit
+ */
+ if (key_len > 0x7fffffff) key_len = 0x7fffffff;
+ if (val_len > 0x7fffffff) val_len = 0x7fffffff;
+
 buffer_prepare_append(env, len);
 
 if (key_len > 127) {
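Review bot: The two added clamps on `key_len` and `val_len` run after the size check that ends in `return -1;` and just before `buffer_prepare_append(env, len)`, so they do not change the `len` that is reserved. `len` appears to be computed earlier in fcgi_env_add, outside this hunk, from the unclamped values; if that sum can wrap for very large inputs, the earlier check passes and the clamped lengths would still exceed the reservation. Silently truncating a key or value also sends a different pair than the caller asked for, so rejecting is the safer behaviour: `if (key_len > 0x7fffffff || val_len > 0x7fffffff) return -1;`, placed before any arithmetic on the two lengths. The function starts and ends outside the hunk, so the placement should be confirmed against the full body.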