[PATCH] uwsgi - prevent protocol overflow
Maxim Dounin
mdounin at mdounin.ru
Mon Sep 3 16:33:33 UTC 2018
Hello!
On Wed, Aug 22, 2018 at 11:57:02PM +0000, Chris Caputo wrote:
> At present, ngx_http_uwsgi_module.c's ngx_http_uwsgi_create_request() has
> nothing to stop it from dispatching a request exceeding what is possible
> per the uwsgi protocol:
>
> https://uwsgi-docs.readthedocs.io/en/latest/Protocol.html
>
> The limit is 65,535 (0xffff) and when a request exceeds that size, this
> function is currently just overflowing, with the uwsgi handler receiving a
> large buffer with a length that doesn't match it.
>
> Would someone review and help me get the below code to be accepted?
>
> Thank you,
> Chris
>
> --- ngx_http_uwsgi_module.c.original 2018-08-22 23:41:16.309151481 +0000
> +++ ngx_http_uwsgi_module.c 2018-08-22 23:43:39.546795158 +0000
> @@ -960,6 +960,13 @@
> }
> #endif
>
> + /* enforce uwsgi protocol max len of uint16 */
> + if (len > 0xffff) {
> + ngx_log_error (NGX_LOG_ALERT, r->connection->log, 0,
> + "uwsgi request is too large for uwsgi protocol: %uz", len);
> + return NGX_ERROR;
> + }
> +
> b = ngx_create_temp_buf(r->pool, len + 4);
> if (b == NULL) {
> return NGX_ERROR;
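Review bot: in the added block, the call is written "ngx_log_error (" with a space before the parenthesis, while the "ngx_create_temp_buf(" call in the context line just below has none; drop the space so the new call matches the surrounding code. The log message would also be easier to act on if it stated the limit next to the offending length, for example "uwsgi request is too large: %uz (limit 65535)", since the new check compares against 0xffff but the message only prints len.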
Thanks, I've pushed a slightly simpler patch:
http://hg.nginx.org/nginx/rev/f6e7831a17d4
--
Maxim Dounin
http://mdounin.ru/
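The length mismatch discussed in this thread, as an added example (not code from nginx or from either patch). It assumes the packet layout in the uwsgi protocol document linked above: a 4-byte header of modifier1, a 16-bit little-endian datasize, and modifier2, followed by variables that each carry 2-byte key and value lengths. All function names and the sample request are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define UWSGI_MAX_DATASIZE 0xffff   /* datasize is a 16-bit header field */

/* Bytes one variable occupies on the wire: klen(2) key vlen(2) value. */
static size_t uwsgi_var_size(size_t klen, size_t vlen)
{
    return 2 + klen + 2 + vlen;
}

/* What an encoder without a bounds check stores: the low 16 bits only. */
static uint16_t uwsgi_datasize_unchecked(size_t len)
{
    return (uint16_t) len;
}

/* Write the header; return 0 on success, -1 if len does not fit. */
static int uwsgi_write_header(uint8_t hdr[4], uint8_t mod1, size_t len,
                              uint8_t mod2)
{
    if (len > UWSGI_MAX_DATASIZE) {
        return -1;                  /* reject instead of truncating */
    }
    hdr[0] = mod1;
    hdr[1] = (uint8_t) (len & 0xff);
    hdr[2] = (uint8_t) (len >> 8);
    hdr[3] = mod2;
    return 0;
}

/* Constructed request: 20 variables, 10-byte key and 4000-byte value each. */
static size_t sample_total_len(void)
{
    return 20 * uwsgi_var_size(10, 4000);
}

int main(void)
{
    uint8_t hdr[4];
    size_t  len = sample_total_len();

    printf("body bytes sent:      %zu\n", len);
    printf("unchecked datasize:   %u\n", (unsigned) uwsgi_datasize_unchecked(len));
    printf("checked header write: %d\n", uwsgi_write_header(hdr, 0, len, 0));
    return 0;
}
```

Without the check, the receiver is told a datasize that is the real length modulo 65536 while the full buffer still follows it on the connection.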