diff options
author | Joe Orton <jorton@apache.org> | 2024-05-20 11:18:10 +0200 |
---|---|---|
committer | Joe Orton <jorton@apache.org> | 2024-05-20 11:18:10 +0200 |
commit | e03580554f17084877c6db4d79885ac00c77fa49 (patch) | |
tree | 47dd11bd5845638c7fc9af4108e4479e22cc455d /changes-entries/pr68970.txt | |
parent | Force ci build. (diff) | |
download | apache2-e03580554f17084877c6db4d79885ac00c77fa49.tar.xz apache2-e03580554f17084877c6db4d79885ac00c77fa49.zip |
Explicitly reject CGI output which includes a Transfer-Encoding
header, rather than drop it and send what's likely to be an unexpected
or corrupted response.
* modules/generators/cgi_common.h (cgi_handle_response): Send a 502
error if Transfer-Encoding is present in the response headers.
PR: 68970
Github: closes #444
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1917835 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'changes-entries/pr68970.txt')
-rw-r--r-- | changes-entries/pr68970.txt | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/changes-entries/pr68970.txt b/changes-entries/pr68970.txt new file mode 100644 index 0000000000..e598230a53 --- /dev/null +++ b/changes-entries/pr68970.txt @@ -0,0 +1,4 @@ + *) mod_cgi/mod_cgid: Reject CGI output with a Transfer-Encoding + header to avoid unexpected or corrupted responses. PR 68970. + [Joe Orton] + |