From d04119e6e591f7b21222e749387a8b39e9092a1b Mon Sep 17 00:00:00 2001
From: Eric Covener <covener@apache.org>
Date: Sun, 26 Apr 2026 15:57:55 +0000
Subject: [PATCH] Merge r1933347 from trunk:
fix ajp_msg_check_header check
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1933348 13f79535-47bb-0310-9956-ffa450edef68
---
modules/proxy/ajp_msg.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
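diff --git a/modules/proxy/ajp_msg.c b/modules/proxy/ajp_msg.c
index 3d4186a521c..3454f621828 100644
--- a/modules/proxy/ajp_msg.c
+++ b/modules/proxy/ajp_msg.c
@@ -166,11 +166,11 @@ apr_status_t ajp_msg_check_header(ajp_msg_t *msg, apr_size_t *len)
 msglen = ((head[2] & 0xff) << 8);
 msglen += (head[3] & 0xFF);
 
-if (msglen > msg->max_size) {
+if (msglen > (msg->max_size - AJP_HEADER_LEN)) {
 ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL, APLOGNO(01081)
 "ajp_msg_check_header() incoming message is "
 "too big %" APR_SIZE_T_FMT ", max is %" APR_SIZE_T_FMT,
-msglen, msg->max_size);
+msglen, msg->max_size - AJP_HEADER_LEN);
 return AJP_ETOBIG;
 }
 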
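Review bot: The new bound `msg->max_size - AJP_HEADER_LEN` in the `if` can wrap around if `max_size` is an unsigned `apr_size_t` (the `APR_SIZE_T_FMT` arguments suggest it is) and is ever smaller than `AJP_HEADER_LEN`; the limit would then become huge and the too-big check would never reject a message. `msglen` is assembled from two header bytes just above, so it is at most 0xFFFF and the addition form cannot overflow: `if (msglen + AJP_HEADER_LEN > msg->max_size) {`. If `max_size` is guaranteed elsewhere to be at least the header length, a short comment stating that invariant next to the subtraction would be enough. The body of `ajp_msg_check_header` starts and ends outside the hunk, so how `max_size` is set is not visible here.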