Alexander, thank you - really - very much for the reply.

Shame on me for a slow response.

The CGI's env. variable CONTENT_LENGTH is set from the
client's header (see /usr/src/usr.sbin/httpd/src/main/util_script.c:

Please excuse me for being mistaken in these (as well as the ones
in the previous mails) basics.

On 31/05/06, Alexander Farber <[EMAIL PROTECTED]> wrote:
This is bad because CONTENT_LENGTH could be > sizeof(buff):

So client could cause buff overflow by specifying wrong
CONTENT_LENGTH in the custom-crafted headers. In that case,
even the apache's 414 Request-URI Too Large could not prevent the
problem,right?

So the only solution I can figure out is allocate buffer >= than
#define DEFAULT_LIMIT_REQUEST_LINE 8190 and to sscanf it to
pick up the needed data from the headers sent from client.

It seems like reinventing the wheel, really. Of course, I will google
on it right away, but how e.g. mod_perl or other cgi's are dealing with it?

I missed something obvious, right?

Reply via email to