https://bz.apache.org/bugzilla/show_bug.cgi?id=68905
--- Comment #4 from Yann Ylavic <ylavic....@gmail.com> --- I agree, for HTTP/1.1 httpd would send "Transfer-Encoding: chunked" but not here because of the HTTP/1.0 request. So the only option for httpd is either: 1. bufferize/spool the response to get the full Content-Length before sending the whole in a one go 2. forward the CGI provided Content-Length and verify that the actual body does not overflow it (or abort the connection) 3. trust the CGI provided Content-Length (which is SetEnv "ap_trust_cgilike_cl") and risk response splitting vulns. And 3. is the simpler and probably the only worth the effort for HTTP/1.0 (IMHO). -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org