Proper fix for bug #37205

diff --git a/sapi/cgi/fastcgi.c b/sapi/cgi/fastcgi.c
index 152c8c16297b96a8cc3fc6326630bc610c5f89b5..571cdab7727029600c067a32293b8102ee511882 100644 (file)
--- a/sapi/cgi/fastcgi.c
+++ b/sapi/cgi/fastcgi.c
@@ -441,6 +441,7 @@ static int fcgi_read_request(fcgi_request *req)
        unsigned char buf[FCGI_MAX_LENGTH+8];
 
        req->keep = 0;
+       req->has_in = 0;
        req->in_len = 0;
        req->out_hdr = NULL;
        req->out_pos = req->out_buf;
@@ -509,6 +510,15 @@ static int fcgi_read_request(fcgi_request *req)
                        len = (hdr.contentLengthB1 << 8) | hdr.contentLengthB0;
                        padding = hdr.paddingLength;
                }
+               if (safe_read(req, &hdr, sizeof(fcgi_header)) != sizeof(fcgi_header) ||
+                   hdr.version < FCGI_VERSION_1 ||
+                   hdr.type != FCGI_STDIN) {
+                       req->keep = 0;
+                       return 0;
+               }
+               req->in_len = (hdr.contentLengthB1 << 8) | hdr.contentLengthB0;
+               req->in_pad = hdr.paddingLength;
+               req->has_in = (req->in_len != 0);
        } else if (hdr.type == FCGI_GET_VALUES) {
                int i, j;
                int name_len;
@@ -551,6 +561,9 @@ int fcgi_read(fcgi_request *req, char *str, int len)
        fcgi_header hdr;
        unsigned char buf[8];
 
+       if (!req->has_in) {
+               return 0;
+       }
        n = 0;
        rest = len;
        while (rest > 0) {

diff --git a/sapi/cgi/fastcgi.h b/sapi/cgi/fastcgi.h
index 7c910e1abb61e152b1f2f0462989960797296d2e..bb13f4bfe57c7901c0f8acbc45a6d2031f9fb570 100644 (file)
--- a/sapi/cgi/fastcgi.h
+++ b/sapi/cgi/fastcgi.h
@@ -97,6 +97,7 @@ typedef struct _fcgi_request {
        int            id;
        int            keep;
 
+       int            has_in;
        int            in_len;
        int            in_pad;