Comment # 8 on bug 1226217 from David Anes 
(In reply to Dirk Stoecker from comment #7)
> Here a short test script showing both issues:
> 
> #!/usr/bin/perl
> 
> print "Status: 200 OK\r\n";
> print "Transfer-Encoding: chunked\r\n";
> print "Content-Length: 3\r\n";
> print "\r\n";
> print "3\r\n";
> print "---\r\n";
> print "0\r\n";
> print "\r\n";


Isn't this wrong as per http spec? 

> 3. If a message is received with both a Transfer-Encoding and a Content-Length header field, the Transfer-Encoding overrides the Content-Length. Such a message might indicate an attempt to perform request smuggling (Section 11.2) or response splitting (Section 11.1) and ought to be handled as an error. An intermediary that chooses to forward the message MUST first remove the received Content-Length field and process the Transfer-Encoding (as described below) prior to forwarding the message downstream.

https://www.rfc-editor.org/rfc/rfc9112#name-message-body-length

The problem I see is that our patches are missing a patch that was added later
to show an error instead of processing the request
(https://github.com/apache/httpd/pull/444)

Can you try the same but removing "Transfer-Encoding" from the perl CGI?

You are receiving this mail because: