mirror of
https://github.com/php/php-src.git
synced 2024-09-24 03:17:26 +00:00
Added checks for malformated FastCGI requests (Mattias Bengtsson)
This commit is contained in:
parent
b9071080f8
commit
0507b17657
@ -620,7 +620,8 @@ static int fcgi_get_params(fcgi_request *req, unsigned char *p, unsigned char *e
|
||||
val_len |= (*p++ << 8);
|
||||
val_len |= *p++;
|
||||
}
|
||||
if (p + name_len + val_len > end) {
|
||||
if (name_len + val_len < 0 ||
|
||||
name_len + val_len > end - p) {
|
||||
/* Malformated request */
|
||||
ret = 0;
|
||||
break;
|
||||
@ -676,6 +677,10 @@ static int fcgi_read_request(fcgi_request *req)
|
||||
padding = hdr.paddingLength;
|
||||
}
|
||||
|
||||
if (len + padding > FCGI_MAX_LENGTH) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
req->id = (hdr.requestIdB1 << 8) + hdr.requestIdB0;
|
||||
|
||||
if (hdr.type == FCGI_BEGIN_REQUEST && len == sizeof(fcgi_begin_request)) {
|
||||
|
Loading…
Reference in New Issue
Block a user