-
Notifications
You must be signed in to change notification settings - Fork 70
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Malformed requests when using more than 8192 bytes of parameters #13
Comments
I sadly cannot send you the dumps, as they contain sensitive information, but I can look things up if you want to. The error reported by wireshark is sadly not very informative.
|
your welcome to send pull request to fix it. |
you've tryed to change the 8192 size in FCGX_CreateWriter argument to see if simply this size that had been reached or more complex thing ? |
you've catched the exit status of the cgi-fcgi binary ? because in the loop after the createwriter they exit hard if fail to putstr:
|
The size of the parameter buffer is set fixed to 8KB, see
fcgi2/cgi-fcgi/cgi-fcgi.c
Line 814 in 856ac83
Using more then ~8KB of parameters will cause malformed requests.
In our case we were sending around 8184 bytes (according to wireshark):
Here is the output of the same request with slightly less data, which is working:
We could not really track it down far into the code, but I never saw the stream buffer size being reset somewhere. But as a second parameter set is sent (see wireshark protocol) it could also be an off-by-one error or similar.
The text was updated successfully, but these errors were encountered: