From: Fabian Keil <fk@fabiankeil.de>
Date: Sun, 21 Oct 2012 12:54:15 +0000 (+0000)
Subject: Deal with unsupported methods sent to the CGI pages by discarding any data following... 
X-Git-Tag: v_3_0_20~226
X-Git-Url: http://www.privoxy.org/gitweb/@default-cgi@/faq/%22https:/@user-manual@?a=commitdiff_plain;h=8264f40fd3bc5a641872ad20ff76d4a8dab67b62;p=privoxy.git

Deal with unsupported methods sent to the CGI pages by discarding any data following the headers
---

diff --git a/cgi.c b/cgi.c
index d39e4a0e..9e1e8e41 100644
--- a/cgi.c
+++ b/cgi.c
@@ -1,4 +1,4 @@
-const char cgi_rcs[] = "$Id: cgi.c,v 1.154 2012/07/23 12:42:53 fabiankeil Exp $";
+const char cgi_rcs[] = "$Id: cgi.c,v 1.155 2012/09/18 18:29:55 fabiankeil Exp $";
 /*********************************************************************
  *
  * File        :  $Source: /cvsroot/ijbswa/current/cgi.c,v $
@@ -346,6 +346,21 @@ struct http_response *dispatch_cgi(struct client_state *csp)
       return NULL;
    }
 
+   if (strcmpic(csp->http->gpc, "GET")
+    && strcmpic(csp->http->gpc, "HEAD"))
+   {
+      log_error(LOG_LEVEL_ERROR,
+         "CGI request with unsupported method received: %s", csp->http->gpc);
+      /*
+       * The CGI pages currently only support GET and HEAD requests.
+       *
+       * If the client used a different method, ditch any data following
+       * the current headers to reduce the likelihood of parse errors
+       * with the following request.
+       */
+      csp->client_iob->eod = csp->client_iob->cur;
+   }
+
    /*
     * This is a CGI call.
     */
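Review bot: The assignment `csp->client_iob->eod = csp->client_iob->cur;` only discards body bytes that are already in the buffer. Any part of the body still unread on the socket would presumably be parsed as the start of the next request if the client connection is kept alive, which leaves a request-desynchronisation risk on the proxy's own CGI interface. Forcing the connection to close after this response would remove the ambiguity, e.g. `csp->flags &= ~CSP_FLAG_CLIENT_CONNECTION_KEEP_ALIVE;` next to the eod assignment (confirm this is the flag that governs client connection reuse at this point). The added block also only logs the unsupported method and then falls through to the normal CGI dispatch below, so a POST aimed at a state-changing CGI page is still handled as if it were a GET; consider returning an error response instead. dispatch_cgi's body starts and ends outside the hunk.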