httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 52605] New: LimitRequestLine not taken into account when talking to CGI script
Date Sun, 05 Feb 2012 17:27:48 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=52605

             Bug #: 52605
           Summary: LimitRequestLine not taken into account when talking
                    to CGI script
           Product: Apache httpd-2
           Version: 2.2.16
          Platform: PC
               URL: http://bugs.debian.org/638011
        OS/Version: Linux
            Status: NEW
          Severity: minor
          Priority: P2
         Component: Core
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: jmv_deb@nirgal.com
    Classification: Unclassified


From: Riccardo Murri <riccardo.murri@gmail.com>

As of version 2.2.16, Apache applies a fixed line length limit of 8192
bytes when talking to a CGI script: in file `server/util_script.c`,
function `ap_scan_script_header_err_core`, at lines 403--433,
one can read:

        char x[MAX_STRING_LEN];
        char *w, *l;
        [...]
        if (buffer) {
            *buffer = '\0';
        }
        w = buffer ? buffer : x;
        [...]
        while (1) {
            int rv = (*getsfunc) (w, MAX_STRING_LEN - 1, getsfunc_data);

where `MAX_STRING_LEN` is defined in `httpd.h` to be equal to
`HUGE_STRING_LEN`, that is, 8192.

The directive `LimitRequestLine` should apply here as well, or the
documentation should make it clear that this setting does not
influence the CGI module.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message