[PATCH] uwsgi - prevent protocol overflow

Chris Caputo ccaputo at alt.net
Wed Aug 22 23:57:02 UTC 2018


At present, ngx_http_uwsgi_module.c's ngx_http_uwsgi_create_request() has 
nothing to stop it from dispatching a request exceeding what is possible 
per the uwsgi protocol:

  https://uwsgi-docs.readthedocs.io/en/latest/Protocol.html

The limit is 65,535 (0xffff) and when a request exceeds that size, this 
function is currently just overflowing, with the uwsgi handler receiving a 
large buffer with a length that doesn't match it.

Would someone review and help me get the below code to be accepted?

Thank you,
Chris

--- ngx_http_uwsgi_module.c.original	2018-08-22 23:41:16.309151481 +0000
+++ ngx_http_uwsgi_module.c	2018-08-22 23:43:39.546795158 +0000
@@ -960,6 +960,13 @@
     }
 #endif
 
+    /* enforce uwsgi protocol max len of uint16 */
+    if (len > 0xffff) {
+        ngx_log_error (NGX_LOG_ALERT, r->connection->log, 0,
+                       "uwsgi request is too large for uwsgi protocol: %uz", len);
+        return NGX_ERROR;
+    }
+
     b = ngx_create_temp_buf(r->pool, len + 4);
     if (b == NULL) {
         return NGX_ERROR;
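Review bot: NGX_LOG_ALERT in the added ngx_log_error call is a high severity for a condition that depends only on the size of the request being handled; a lower level such as NGX_LOG_ERR would keep oversized requests from filling the log with alerts. Two style points in the same block: the call is written "ngx_log_error (" with a space before the parenthesis, unlike the "ngx_create_temp_buf(" call in the context lines, and the format-string line runs past 80 columns, so "len" should wrap onto its own line. The comment could also state that the limit applies to len alone, since the check sits before the "len + 4" allocation below it.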


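The length mismatch described in the message, as an added example that is not nginx code or part of the original post: the uwsgi header is 4 bytes (modifier1, a 16-bit little-endian datasize, modifier2), so a length above 0xffff keeps only its low 16 bits. The function names and the 70000-byte sample length are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define UWSGI_HDR_LEN   4
#define UWSGI_MAX_DATA  0xffffu   /* datasize is a 16-bit field */

/* Unchecked packing: only the low 16 bits of len fit in the header. */
static void uwsgi_pack_header(uint8_t hdr[UWSGI_HDR_LEN], uint8_t modifier1,
                              size_t len, uint8_t modifier2)
{
    hdr[0] = modifier1;
    hdr[1] = (uint8_t) (len & 0xff);          /* datasize, low byte  */
    hdr[2] = (uint8_t) ((len >> 8) & 0xff);   /* datasize, high byte */
    hdr[3] = modifier2;
}

/* What the receiving side reads back from the header. */
static size_t uwsgi_declared_size(const uint8_t hdr[UWSGI_HDR_LEN])
{
    return (size_t) hdr[1] | ((size_t) hdr[2] << 8);
}

/* Checked packing: refuse anything the 16-bit field cannot represent. */
static int uwsgi_pack_header_checked(uint8_t hdr[UWSGI_HDR_LEN],
                                     uint8_t modifier1, size_t len,
                                     uint8_t modifier2)
{
    if (len > UWSGI_MAX_DATA) {
        return -1;
    }
    uwsgi_pack_header(hdr, modifier1, len, modifier2);
    return 0;
}

int main(void)
{
    uint8_t hdr[UWSGI_HDR_LEN];
    size_t  len = 70000;   /* constructed sample: larger than 0xffff */

    uwsgi_pack_header(hdr, 0, len, 0);
    printf("sent %zu bytes, header declares %zu\n",
           len, uwsgi_declared_size(hdr));
    printf("checked packing returns %d\n",
           uwsgi_pack_header_checked(hdr, 0, len, 0));
    return 0;
}
```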