https://bugzilla.suse.com/show_bug.cgi?id=1226217 https://bugzilla.suse.com/show_bug.cgi?id=1226217#c8 --- Comment #8 from David Anes --- (In reply to Dirk Stoecker from comment #7)

Here a short test script showing both issues:

#!/usr/bin/perl

print "Status: 200 OK\r\n"; print "Transfer-Encoding: chunked\r\n"; print "Content-Length: 3\r\n"; print "\r\n"; print "3\r\n"; print "---\r\n"; print "0\r\n"; print "\r\n";

Isn't this wrong as per http spec?

3. If a message is received with both a Transfer-Encoding and a Content-Length header field, the Transfer-Encoding overrides the Content-Length. Such a message might indicate an attempt to perform request smuggling (Section 11.2) or response splitting (Section 11.1) and ought to be handled as an error. An intermediary that chooses to forward the message MUST first remove the received Content-Length field and process the Transfer-Encoding (as described below) prior to forwarding the message downstream.

https://www.rfc-editor.org/rfc/rfc9112#name-message-body-length The problem I see is that our patches are missing a patch that was added later to show an error instead of processing the request (https://github.com/apache/httpd/pull/444) Can you try the same but removing "Transfer-Encoding" from the perl CGI? -- You are receiving this mail because: You are on the CC list for the bug.