Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
CGI Handler too many headers #1224
struct cherokee_handler_cgi_t (handler_cgi.h) consist of a fixed sized array (char *envp[ENV_VAR_NUM]) for environ variables. Sending a request with a lot of headers, causes to
increment int envp_last to a value greater than ENV_VAR_NUM resulting in reading outside the array.
found by: Mateusz Kocielski, Michał Dardas from LogicalTrust