summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--wsgitools/scgi/asynchronous.py3
-rw-r--r--wsgitools/scgi/forkpool.py4
2 files changed, 7 insertions, 0 deletions
diff --git a/wsgitools/scgi/asynchronous.py b/wsgitools/scgi/asynchronous.py
index 4b1ed8f..5d0e43d 100644
--- a/wsgitools/scgi/asynchronous.py
+++ b/wsgitools/scgi/asynchronous.py
@@ -101,6 +101,9 @@ class SCGIConnection(asyncore.dispatcher):
if self.reqlen == 0:
if self.inbuff.startswith(','):
self.inbuff = self.inbuff[1:]
+ if not self.environ.get("CONTENT_LENGTH", "bad").isdigit():
+ self.close()
+ return
self.reqlen = long(self.environ["CONTENT_LENGTH"])
if self.reqlen > self.MAX_POST_SIZE:
self.close()
diff --git a/wsgitools/scgi/forkpool.py b/wsgitools/scgi/forkpool.py
index 01e544f..3597f08 100644
--- a/wsgitools/scgi/forkpool.py
+++ b/wsgitools/scgi/forkpool.py
@@ -318,6 +318,10 @@ class SCGIServer:
'\r\n'.join(map("%s: %s".__mod__, headers))))
return dumbsend
+ if not environ.get("CONTENT_LENGTH", "bad").isdigit():
+ con.close()
+ return
+
sfw = SocketFileWrapper(con, long(environ["CONTENT_LENGTH"]))
environ.update({
"wsgi.version": (1, 0),
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-16 22:11:52 +0000