From: Fabian Keil Date: Sun, 21 Oct 2012 12:54:15 +0000 (+0000) Subject: Deal with unsupported methods sent to the CGI pages by discarding any data following... X-Git-Tag: v_3_0_20~226 X-Git-Url: http://www.privoxy.org/gitweb/%22https:/faq/developer-manual/man-page/static/@user-manual@@actions-help-prefix@ACTIONS-FILE?a=commitdiff_plain;h=8264f40fd3bc5a641872ad20ff76d4a8dab67b62;p=privoxy.git Deal with unsupported methods sent to the CGI pages by discarding any data following the headers --- diff --git a/cgi.c b/cgi.c index d39e4a0e..9e1e8e41 100644 --- a/cgi.c +++ b/cgi.c @@ -1,4 +1,4 @@ -const char cgi_rcs[] = "$Id: cgi.c,v 1.154 2012/07/23 12:42:53 fabiankeil Exp $"; +const char cgi_rcs[] = "$Id: cgi.c,v 1.155 2012/09/18 18:29:55 fabiankeil Exp $"; /********************************************************************* * * File : $Source: /cvsroot/ijbswa/current/cgi.c,v $ @@ -346,6 +346,21 @@ struct http_response *dispatch_cgi(struct client_state *csp) return NULL; } + if (strcmpic(csp->http->gpc, "GET") + && strcmpic(csp->http->gpc, "HEAD")) + { + log_error(LOG_LEVEL_ERROR, + "CGI request with unsupported method received: %s", csp->http->gpc); + /* + * The CGI pages currently only support GET and HEAD requests. + * + * If the client used a different method, ditch any data following + * the current headers to reduce the likelihood of parse errors + * with the following request. + */ + csp->client_iob->eod = csp->client_iob->cur; + } + /* * This is a CGI call. */