So client could cause buff overflow by specifying wrong CONTENT_LENGTH in the custom-crafted headers. In that case, even the apache's 414 Request-URI Too Large could not prevent the problem,right?
Not to waste readers' (if any) time, I will be more detailed: I have meant In that case, even the apache's 414 Request-URI Too Large could not prevent the problem, as buff overflow still could be caused for the headers smaller than 8190 as they would pass httpd check but misinform and would potencialy make to panic my cgi.c, right? And there is no reliable way to determine the CONTENT_LENGTH inside the httpd from the client input given as headers might vary, right?
