Bug 68907 - replace ap_trust_cgilike_cl with a validating CL filter

Summary: replace ap_trust_cgilike_cl with a validating CL filter

Status: NEW Alias: None Product: Apache httpd-2 Classification: Unclassified Component: Core (show other bugs) Version: 2.4.59 Hardware: PC All Importance: P2 enhancement (vote) Target Milestone: --- Assignee: Apache HTTPD Bugs Mailing List URL: Keywords: Depends on: Blocks:		Reported: 2024-04-17 00:20 UTC by Eric Covener Modified: 2024-04-17 00:20 UTC (History) CC List: 0 users

Attachments Add an attachment (proposed patch, testcase, etc.) Note You need to log in before you can comment on or make changes to this bug.

Description Eric Covener 2024-04-17 00:20:54 UTC Instead of the current ban on Content-Length from CGI-like modules, we could let these headers through and validate the length in some core filter, making sure a short or long response results in a terminated connection. This would replace the whitelisting via ap_trust_cgilike_cl

---

• Format For Printing
•  - XML
•  - Clone This Bug
•  - Top of page

This is ASF Bugzilla: the Apache Software Foundation bug system. In case of problems with the functioning of ASF Bugzilla, please contact bugzilla-admin@apache.org. Please Note: this e-mail address is only for reporting problems with ASF Bugzilla. Mail about any other subject will be silently ignored.

• • Home
  • | New
  • | Browse
  • | Search
  • |
    [?]
  • | Reports
  • | Help
  • | New Account
  • | Log In
    Remember [x]
  • | Forgot Password
    Login: [x]