head	1.2;
access;
symbols
	RELEASE_6_0_0:1.1;
locks; strict;
comment	@# @;


1.2
date	2005.10.14.13.54.09;	author clement;	state dead;
branches;
next	1.1;

1.1
date	2005.07.26.10.10.35;	author clement;	state Exp;
branches;
next	;


desc
@@


1.2
log
@- Update to 2.0.55
@
text
@--- server/protocol.c	2005/07/14 16:49:17	219060
+++ server/protocol.c	2005/07/14 16:51:55	219061
@@@@ -885,6 +885,15 @@@@
             apr_brigade_destroy(tmp_bb);
             return r;
         }
+
+        if (apr_table_get(r->headers_in, "Transfer-Encoding")
+            && apr_table_get(r->headers_in, "Content-Length")) {
+            /* 2616 section 4.4, point 3: "if both Transfer-Encoding
+             * and Content-Length are received, the latter MUST be
+             * ignored"; so unset it here to prevent any confusion
+             * later. */
+            apr_table_unset(r->headers_in, "Content-Length");
+        }
     }
     else {
         if (r->header_only) {
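Review bot: The added block drops Content-Length silently, so a request carrying both framing headers, which is the very condition this fix targets, leaves no trace in the error log. A line such as `ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, "Content-Length ignored: Transfer-Encoding also present");` before the `apr_table_unset` call would give operators something to alert on. The condition also tests only that Transfer-Encoding is present, not what value it holds; whether an unsupported coding is rejected later is not visible from this hunk and is worth confirming. The comment would be easier to search for as `RFC 2616 section 4.4, point 3`. The enclosing function begins and ends outside the hunk.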


@


1.1
log
@- Add fix for CAN-2005-2088
From Changelog:
  *) SECURITY: CAN-2005-2088
     core: If a request contains both Transfer-Encoding and Content-Length
     headers, remove the Content-Length, mitigating some HTTP Request
     Splitting/Spoofing attacks.  [Paul Querna, Joe Orton]

- Rename previous patch to CVE ID
- bump PORTREVISION

Security:       CAN-2005-2088
Obtained From: Apache repository
@
text
@@

