-rw-r--r--changes-entries/pr68970.txt4
-rw-r--r--modules/generators/cgi_common.h7
2 files changed, 10 insertions, 1 deletions
diff --git a/changes-entries/pr68970.txt b/changes-entries/pr68970.txt
new file mode 100644
index 0000000000..e598230a53
--- /dev/null
+++ b/changes-entries/pr68970.txt
@@ -0,0 +1,4 @@
+ *) mod_cgi/mod_cgid: Reject CGI output with a Transfer-Encoding
+ header to avoid unexpected or corrupted responses. PR 68970.
+ [Joe Orton]
+
diff --git a/modules/generators/cgi_common.h b/modules/generators/cgi_common.h
index 7c985a7e1c..c8571321d1 100644
--- a/modules/generators/cgi_common.h
+++ b/modules/generators/cgi_common.h
@@ -438,7 +438,12 @@ static int cgi_handle_response(request_rec *r, int nph, apr_bucket_brigade *bb,
*/
if (!apr_table_get(r->subprocess_env, AP_TRUST_CGILIKE_CL_ENVVAR))
apr_table_unset(r->headers_out, "Content-Length");
- apr_table_unset(r->headers_out, "Transfer-Encoding");
+
+ if (apr_table_get(r->headers_out, "Transfer-Encoding") != NULL) {
+ apr_brigade_cleanup(bb);
+ return log_scripterror(r, conf, HTTP_BAD_GATEWAY, 0, APLOGNO(10501),
+ "script sent Transfer-Encoding");
+ }
if (ret != OK) {
/* In the case of a timeout reading script output, clear