Explicitly reject CGI output which includes a Transfer-Encoding

header, rather than drop it and send what's likely to be an unexpected or corrupted response. * modules/generators/cgi_common.h (cgi_handle_response): Send a 502 error if Transfer-Encoding is present in the response headers. PR: 68970 Github: closes #444 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1917835 13f79535-47bb-0310-9956-ffa450edef68
author: Joe Orton <jorton@apache.org> 2024-05-20 11:18:10 +0200
committer: Joe Orton <jorton@apache.org> 2024-05-20 11:18:10 +0200
commit: e03580554f17084877c6db4d79885ac00c77fa49 (patch)
tree: 47dd11bd5845638c7fc9af4108e4479e22cc455d /changes-entries
parent: Force ci build. (diff)
download: apache2-e03580554f17084877c6db4d79885ac00c77fa49.tar.xz
apache2-e03580554f17084877c6db4d79885ac00c77fa49.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/changes-entries/pr68970.txt b/changes-entries/pr68970.txt
new file mode 100644
index 0000000000..e598230a53
--- /dev/null
+++ b/changes-entries/pr68970.txt
@@ -0,0 +1,4 @@
+  *) mod_cgi/mod_cgid: Reject CGI output with a Transfer-Encoding
+     header to avoid unexpected or corrupted responses.  PR 68970.
+     [Joe Orton]
+
author	Joe Orton <jorton@apache.org>	2024-05-20 11:18:10 +0200
committer	Joe Orton <jorton@apache.org>	2024-05-20 11:18:10 +0200
commit	e03580554f17084877c6db4d79885ac00c77fa49 (patch)
tree	47dd11bd5845638c7fc9af4108e4479e22cc455d /changes-entries
parent	Force ci build. (diff)
download	apache2-e03580554f17084877c6db4d79885ac00c77fa49.tar.xz apache2-e03580554f17084877c6db4d79885ac00c77fa49.zip