5183f0
--- a/modules/proxy/mod_proxy_uwsgi.c	2020/07/24 09:31:46	1880250
5183f0
+++ b/modules/proxy/mod_proxy_uwsgi.c	2020/07/24 09:35:25	1880251
5183f0
@@ -136,7 +136,7 @@
5183f0
     int j;
5183f0
 
5183f0
     apr_size_t headerlen = 4;
5183f0
-    apr_uint16_t pktsize, keylen, vallen;
5183f0
+    apr_size_t pktsize, keylen, vallen;
5183f0
     const char *script_name;
5183f0
     const char *path_info;
5183f0
     const char *auth;
5183f0
@@ -178,6 +178,15 @@
5183f0
         headerlen += 2 + strlen(env[j].key) + 2 + strlen(env[j].val);
5183f0
     }
5183f0
 
5183f0
+    pktsize = headerlen - 4;
5183f0
+    if (pktsize > APR_UINT16_MAX) {
5183f0
+        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10259)
5183f0
+                      "can't send headers to %s:%u: packet size too "
5183f0
+                      "large (%" APR_SIZE_T_FMT ")",
5183f0
+                      conn->hostname, conn->port, pktsize);
5183f0
+        return HTTP_INTERNAL_SERVER_ERROR;
5183f0
+    }
5183f0
+
5183f0
     ptr = buf = apr_palloc(r->pool, headerlen);
5183f0
 
5183f0
     ptr += 4;
5183f0
@@ -196,8 +205,6 @@
5183f0
         ptr += vallen;
5183f0
     }
5183f0
 
5183f0
-    pktsize = headerlen - 4;
5183f0
-
5183f0
     buf[0] = 0;
5183f0
     buf[1] = (apr_byte_t) (pktsize & 0xff);
5183f0
     buf[2] = (apr_byte_t) ((pktsize >> 8) & 0xff);