[PATCH] uwsgi - prevent protocol overflow
Chris Caputo
ccaputo at alt.net
Wed Aug 22 23:57:02 UTC 2018
At present, ngx_http_uwsgi_module.c's ngx_http_uwsgi_create_request() has
nothing to stop it from dispatching a request exceeding what is possible
per the uwsgi protocol:
https://uwsgi-docs.readthedocs.io/en/latest/Protocol.html
The limit is 65,535 (0xffff) and when a request exceeds that size, this
function is currently just overflowing, with the uwsgi handler receiving a
large buffer with a length that doesn't match it.
Would someone review and help me get the below code to be accepted?
Thank you,
Chris
--- ngx_http_uwsgi_module.c.original 2018-08-22 23:41:16.309151481 +0000
+++ ngx_http_uwsgi_module.c 2018-08-22 23:43:39.546795158 +0000
@@ -960,6 +960,13 @@
}
#endif
+ /* enforce uwsgi protocol max len of uint16 */
+ if (len > 0xffff) {
+ ngx_log_error (NGX_LOG_ALERT, r->connection->log, 0,
+ "uwsgi request is too large for uwsgi protocol: %uz", len);
+ return NGX_ERROR;
+ }
+
b = ngx_create_temp_buf(r->pool, len + 4);
if (b == NULL) {
return NGX_ERROR;
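Review bot: the added `ngx_log_error (NGX_LOG_ALERT, ...` call has two points worth changing before merge. The space before the opening parenthesis does not match the call style in the surrounding context (`ngx_create_temp_buf(r->pool, len + 4)`), and the format-string line runs past 80 columns, so it should be wrapped. The ALERT level is also high for a condition that depends on the size of the request being encoded; an ERR-level message would still record it without paging on every oversized request. The placement before `ngx_create_temp_buf()` is right, since it avoids allocating `len + 4` bytes for a request that is then refused. The comment could say that the 0xffff limit applies to `len` alone, without the 4 header bytes added in the next line.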
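The length mismatch described in the message above, as an added example that is not part of the original post or of nginx's code: a small model of the 4-byte uwsgi header (modifier1, 16-bit little-endian datasize, modifier2) showing what the receiver decodes when the sender keeps only the low 16 bits of an oversized length, next to a checked variant that applies the same `0xffff` limit as the patch. The function names, the `UWSGI_MAX_VARS_LEN` macro and the 70000-byte sample size are constructed for illustration, and the truncating write is an assumption about how the length reaches the header.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define UWSGI_MAX_VARS_LEN 0xffff  /* datasize is a 16-bit field */

/* Constructed helper: write the 4-byte uwsgi header
 * (modifier1, datasize as little-endian uint16, modifier2).
 * Unchecked: keeps only the low 16 bits of len (assumed behaviour). */
static void uwsgi_header_unchecked(uint8_t hdr[4], size_t len)
{
    hdr[0] = 0;                              /* modifier1 */
    hdr[1] = (uint8_t) (len & 0xff);         /* datasize, low byte */
    hdr[2] = (uint8_t) ((len >> 8) & 0xff);  /* datasize, high byte */
    hdr[3] = 0;                              /* modifier2 */
}

/* Checked: refuse sizes the header cannot represent (0 = ok, -1 = refused). */
static int uwsgi_header_checked(uint8_t hdr[4], size_t len)
{
    if (len > UWSGI_MAX_VARS_LEN) {
        return -1;
    }
    uwsgi_header_unchecked(hdr, len);
    return 0;
}

/* The size the receiving side reads back out of the header. */
static size_t uwsgi_header_datasize(const uint8_t hdr[4])
{
    return (size_t) hdr[1] | ((size_t) hdr[2] << 8);
}

int main(void)
{
    uint8_t hdr[4];
    size_t  len = 70000;   /* constructed oversized vars block */

    uwsgi_header_unchecked(hdr, len);
    printf("sent %zu bytes, header says %zu\n", len, uwsgi_header_datasize(hdr));

    if (uwsgi_header_checked(hdr, len) != 0) {
        printf("rejected: %zu exceeds the uwsgi datasize limit\n", len);
    }
    return 0;
}
```

In the unchecked case the receiver is told a size that is the real length modulo 65,536, so the bytes that follow no longer line up with the declared packet boundary.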