On Sun, Sep 14, 2025 at 02:57:19AM +0000, Ben Kallus wrote:
> When OpenBSD httpd is configured to use FastCGI, and it receives a
> request with a chunked message body, it echoes the request body as a
> prefix to the response.
I'm not at work today, so I don't have access to an up to date -current
machine, but I tested against 7.7-release and can confirm that the request
body is indeed returned by the server, so there is a bug here.
However, I'm not seeing it prepended to the regular server response, in other
words the entire server response is just the submitted request body:
> ```
> POST / HTTP/1.1\r\n
> Host: a\r\n
> Transfer-Encoding: chunked\r\n
> \r\n
> 64HTTP/1.1 200 OK\r\n
> Content-Length: 39\r\n
> \r\n
> <script>alert("hello world")</script>\r\n
> ```
>
> ...and get the following back from httpd:
> ```
> 64HTTP/1.1 200 OK\r\n
> Content-Length: 39\r\n
> \r\n
> <script>alert("hello world")</script>\r\n
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
I'm only getting up to here.
Looking at cvs, I don't see any post 7.7-release changes that would cause
this behaviour to be different.
