From 2abdd3df894d41edc512500bfc5b77650fee7d13 Mon Sep 17 00:00:00 2001
From: Eric Covener
Date: Sat, 11 May 2024 21:33:09 +0200
Subject: [PATCH] apache2: let httpd handle CL/TE for non-http handlers

Fix #2635

origin: https://github.com/apache/httpd/commit/a29723ce1af75eed0813c3717d3f6dee9b405ca8.patch
bug-cve: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24795
---
 apache2/mod_proxy_uwsgi.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/apache2/mod_proxy_uwsgi.c b/apache2/mod_proxy_uwsgi.c
index 026e63e03..c28714ceb 100644
--- a/apache2/mod_proxy_uwsgi.c
+++ b/apache2/mod_proxy_uwsgi.c
@@ -374,6 +374,12 @@ static int uwsgi_response(request_rec *r, proxy_conn_rec *backend, proxy_server_
 return HTTP_BAD_GATEWAY;
 }

+ /* T-E wins over C-L */
+ if (apr_table_get(r->headers_out, "Transfer-Encoding")) {
+ apr_table_unset(r->headers_out, "Content-Length");
+ backend->close = 1;
+ }
+
 if ((buf = apr_table_get(r->headers_out, "Content-Type"))) {
 ap_set_content_type(r, apr_pstrdup(r->pool, buf));
 }
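Review bot: The comment `/* T-E wins over C-L */` above the new `if` states the precedence rule but not why `backend->close = 1` follows, which is the part a later maintainer is most likely to remove as an apparent keep-alive regression. I would expand it to `/* Backend sent Transfer-Encoding: it overrides Content-Length (RFC 9112 section 6.3), so drop C-L and do not reuse this backend connection, whose response framing can no longer be trusted (CVE-2024-24795). */`. As written the branch fires on any Transfer-Encoding header, whether or not a Content-Length was present, so the conflicting case is handled silently. A debug-level `ap_log_rerror()` call when both headers are present would make a misbehaving backend visible to operators. The body of uwsgi_response starts and ends outside this hunk, so how the headers reach `r->headers_out` is not visible here.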