The C-L header can be set in a fcgi/cgi backend or in other
filters like ap_content_length_filter (with the value of 0),
meanwhile the message-body can be returned incorrectly
by any backend. The idea is to remove unnecessary bytes
from a HTTP 204 response.
PR 51350
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@
1773346 13f79535-47bb-0310-9956-
ffa450edef68
-*- coding: utf-8 -*-
Changes with Apache 2.5.0
+ *) core: Drop Content-Length header and message-body from HTTP 204 responses.
+ PR 51350 [Luca Toscano]
+
*) SECURITY: CVE-2016-2161 (cve.mitre.org)
mod_auth_digest: Prevent segfaults during client entry allocation when the
shared memory space is exhausted. [Maksim Malyutin <m.malyutin dsec.ru>,
AP_DEBUG_ASSERT(!r->main);
- if (r->header_only) {
+ if (r->header_only || r->status == HTTP_NO_CONTENT) {
if (!ctx) {
ctx = f->ctx = apr_pcalloc(r->pool, sizeof(header_filter_ctx));
}
apr_table_unset(r->headers_out, "Content-Length");
}
+ if (r->status == HTTP_NO_CONTENT) {
+ apr_table_unset(r->headers_out, "Content-Length");
+ }
+
ctype = ap_make_content_type(r, r->content_type);
if (ctype) {
apr_table_setn(r->headers_out, "Content-Type", ctype);
ap_pass_brigade(f->next, b2);
- if (r->header_only) {
+ if (r->header_only || r->status == HTTP_NO_CONTENT) {
apr_brigade_cleanup(b);
ctx->headers_sent = 1;
return OK;
projects / apache / commitdiff