From e03580554f17084877c6db4d79885ac00c77fa49 Mon Sep 17 00:00:00 2001 From: Joe Orton Date: Mon, 20 May 2024 09:18:10 +0000 Subject: Explicitly reject CGI output which includes a Transfer-Encoding header, rather than drop it and send what's likely to be an unexpected or corrupted response. * modules/generators/cgi_common.h (cgi_handle_response): Send a 502 error if Transfer-Encoding is present in the response headers. PR: 68970 Github: closes #444 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1917835 13f79535-47bb-0310-9956-ffa450edef68 --- changes-entries/pr68970.txt | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 changes-entries/pr68970.txt (limited to 'changes-entries') diff --git a/changes-entries/pr68970.txt b/changes-entries/pr68970.txt new file mode 100644 index 0000000000..e598230a53 --- /dev/null +++ b/changes-entries/pr68970.txt @@ -0,0 +1,4 @@ + *) mod_cgi/mod_cgid: Reject CGI output with a Transfer-Encoding + header to avoid unexpected or corrupted responses. PR 68970. + [Joe Orton] + -- cgit v1.2.3
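Review bot: The new entry in changes-entries/pr68970.txt says only "Reject CGI output", without the status the client receives. The commit message says cgi_handle_response sends a 502 when Transfer-Encoding is present, and that the header was previously dropped. Consider wording the entry along the lines of "Reject CGI output with a Transfer-Encoding header with a 502 response, rather than dropping the header", so an administrator who sees new 502s from an existing script after upgrading can trace them to this change. This view is limited to 'changes-entries', so the cgi_common.h change itself is not visible here and should be reviewed separately.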