From 8264f40fd3bc5a641872ad20ff76d4a8dab67b62 Mon Sep 17 00:00:00 2001
From: Fabian Keil <fk@fabiankeil.de>
Date: Sun, 21 Oct 2012 12:54:15 +0000
Subject: [PATCH] Deal with unsupported methods sent to the CGI pages by
 discarding any data following the headers

---
 cgi.c | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/cgi.c b/cgi.c
index d39e4a0e..9e1e8e41 100644
--- a/cgi.c
+++ b/cgi.c
@@ -1,4 +1,4 @@
-const char cgi_rcs[] = "$Id: cgi.c,v 1.154 2012/07/23 12:42:53 fabiankeil Exp $";
+const char cgi_rcs[] = "$Id: cgi.c,v 1.155 2012/09/18 18:29:55 fabiankeil Exp $";
 /*********************************************************************
  *
  * File        :  $Source: /cvsroot/ijbswa/current/cgi.c,v $
@@ -346,6 +346,21 @@ struct http_response *dispatch_cgi(struct client_state *csp)
       return NULL;
    }
 
+   if (strcmpic(csp->http->gpc, "GET")
+    && strcmpic(csp->http->gpc, "HEAD"))
+   {
+      log_error(LOG_LEVEL_ERROR,
+         "CGI request with unsupported method received: %s", csp->http->gpc);
+      /*
+       * The CGI pages currently only support GET and HEAD requests.
+       *
+       * If the client used a different method, ditch any data following
+       * the current headers to reduce the likelihood of parse errors
+       * with the following request.
+       */
+      csp->client_iob->eod = csp->client_iob->cur;
+   }
+
    /*
     * This is a CGI call.
     */
-- 
2.39.2