I hope this will be of some help. If it's OK, someone tag this bug with PATCH or whatever is appropriate:
Sorry about the long URL: http://svn.apache.org/viewcvs.cgi/httpd/httpd/branches/2.0.x/STATUS?rev=208744&view=diff&r1=208744&r2=208743&p1=httpd/httpd/branches/2.0.x/STATUS&p2=/httpd/httpd/branches/2.0.x/STATUS and from there: http://people.apache.org/~jorton/ap_tevscl.diff

Pasting in case that URL goes 404:

Index: server/protocol.c =================================================================== --- server/protocol.c (revision 208743) +++ server/protocol.c (working copy) @@ -885,6 +885,15 @@ apr_brigade_destroy(tmp_bb); return r; } + + if (apr_table_get(r->headers_in, "Transfer-Encoding") + && apr_table_get(r->headers_in, "Content-Length")) { + /* 2616 section 4.4, point 3: "if both Transfer-Encoding + * and Content-Length are received, the latter MUST be + * ignored"; so unset it here to prevent any confusion + * later. */ + apr_table_unset(r->headers_in, "Content-Length"); + } } else { if (r->header_only) {

It seems this is the vulnerability-specific part of the patch.
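Review bot: the new block in server/protocol.c only removes the Content-Length header; it does not decide what the request's body length is afterwards. The test `+ if (apr_table_get(r->headers_in, "Transfer-Encoding")` fires on any Transfer-Encoding value, not just "chunked", so after the unset a request with, say, an unrecognised or "identity" coding plus a Content-Length has neither a usable Content-Length nor a chunked body. RFC 2616 section 4.4 says a server that cannot determine the length of such a request should answer 400 or 411; if the code that later reads the body instead treats it as absent, the body bytes remain on the connection and get parsed as the start of the next request, which is the desync this patch is meant to close. That handling is not visible in this hunk, so it is worth confirming in the body-reading path before merging. Separately, a request carrying both headers is almost never legitimate, so an ap_log_rerror at debug level next to the apr_table_unset would give operators a trace of smuggling probes instead of dropping the header silently; the comment could also say that the check deliberately ignores the header's value rather than implying the RFC text dictates that.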