File uwsgi-CVE-2024-24795.patch of Package uwsgi.36286

From e60617300bd1e530569a3816bd30ad6ae147cb9d Mon Sep 17 00:00:00 2001
From: Eric Covener <covener@apache.org>
Date: Sat, 11 May 2024 21:33:09 +0200
Subject: [PATCH] apache2: let httpd handle CL/TE for non-http handlers

Fix #2635

origin: https://github.com/apache/httpd/commit/a29723ce1af75eed0813c3717d3f6dee9b405ca8.patch
bug-cve: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24795
---
 apache2/mod_proxy_uwsgi.c | 6 ++++++
 1 file changed, 6 insertions(+)

Index: uwsgi-2.0.19.1/apache2/mod_proxy_uwsgi.c
===================================================================
--- uwsgi-2.0.19.1.orig/apache2/mod_proxy_uwsgi.c
+++ uwsgi-2.0.19.1/apache2/mod_proxy_uwsgi.c
@@ -366,6 +366,12 @@ static int uwsgi_response(request_rec *r
 		apr_table_add(r->headers_out, buffer, value);
 	}
 
+	/* T-E wins over C-L */
+	if (apr_table_get(r->headers_out, "Transfer-Encoding")) {
+		apr_table_unset(r->headers_out, "Content-Length");
+		backend->close = 1;
+	}
+
 	if ((buf = apr_table_get(r->headers_out, "Content-Type"))) {
 		ap_set_content_type(r, apr_pstrdup(r->pool, buf));
 	}
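Review bot: The new comment `/* T-E wins over C-L */` does not explain why `backend->close = 1` is set, or that the block runs whenever the backend response carries Transfer-Encoding, whether or not it also sent Content-Length. Both headers are copied from the backend by the `apr_table_add` loop just above, so they are backend-controlled, and a response carrying both has ambiguous framing (RFC 9112 section 6.3 lets Transfer-Encoding override Content-Length and notes such a message may indicate response splitting). I would expand the comment to something like `/* Backend-supplied T-E overrides C-L (RFC 9112 6.3): drop C-L so httpd frames the body itself, and do not reuse this backend connection. */`. If the intent is to close the connection only when both headers are present, the condition should say so; as written, every response with Transfer-Encoding gives up backend keep-alive, which is probably intended but worth stating. The body of `uwsgi_response` starts and continues outside this hunk, so how the Transfer-Encoding header itself is handled further down cannot be checked from here.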