At present, ngx_http_uwsgi_module.c's ngx_http_uwsgi_create_request() has
nothing to stop it from dispatching a request exceeding what is possible
per the uwsgi protocol:

https://uwsgi-docs.readthedocs.io/en/latest/Protocol.html

The limit is 65,535 (0xffff) and when a request exceeds that size, this
function is currently just overflowing, with the uwsgi handler receiving a
large buffer with a length that doesn't match it.

Would someone review and help me get the below code to be accepted?

Thank you,
Chris

--- ngx_http_uwsgi_module.c.original 2018-08-22 23:41:16.309151481 +0000
+++ ngx_http_uwsgi_module.c 2018-08-22 23:43:39.546795158 +0000
@@ -960,6 +960,13 @@
}
#endif

+ /* enforce uwsgi protocol max len of uint16 */
+ if (len > 0xffff) {
+ ngx_log_error (NGX_LOG_ALERT, r->connection->log, 0,
+ "uwsgi request is too large for uwsgi protocol: %uz", len);
+ return NGX_ERROR;
+ }
+
b = ngx_create_temp_buf(r->pool, len + 4);
if (b == NULL) {
return NGX_ERROR;
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel