Alexander, thank you - really - very much for the reply.
Shame on me for a slow response.
The CGI's env. variable CONTENT_LENGTH is set from the client's header (see /usr/src/usr.sbin/httpd/src/main/util_script.c:
Please excuse me for being mistaken in these (as well as the ones in the previous mails) basics. On 31/05/06, Alexander Farber <[EMAIL PROTECTED]> wrote:
This is bad because CONTENT_LENGTH could be > sizeof(buff):
So client could cause buff overflow by specifying wrong CONTENT_LENGTH in the custom-crafted headers. In that case, even the apache's 414 Request-URI Too Large could not prevent the problem,right? So the only solution I can figure out is allocate buffer >= than #define DEFAULT_LIMIT_REQUEST_LINE 8190 and to sscanf it to pick up the needed data from the headers sent from client. It seems like reinventing the wheel, really. Of course, I will google on it right away, but how e.g. mod_perl or other cgi's are dealing with it? I missed something obvious, right?
