Reading through the fcgi code of httpd I wonder if HEAD requests are
handled correctly. In server_fcgi_read() the function just returns when it
hits the HEAD case but I think this is not correct since it does not drain
the clt_srvevb buffer and it kind of ignores possible padding bytes.
I think what the code should do is break out of the switch case and just
continue. This is still not quite right since httpd depends on the fcgi
server to close the connection (or it will do that on the next
sever_fcgi() call).
--
:wq Claudio
Index: server_fcgi.c
===================================================================
RCS file: /cvs/src/usr.sbin/httpd/server_fcgi.c,v
retrieving revision 1.90
diff -u -p -r1.90 server_fcgi.c
--- server_fcgi.c 2 Mar 2022 11:10:43 -0000 1.90
+++ server_fcgi.c 11 Aug 2022 12:06:04 -0000
@@ -564,7 +564,7 @@ server_fcgi_read(struct bufferevent *bev
((struct http_descriptor *)
clt->clt_descreq)->http_method
== HTTP_METHOD_HEAD)
- return;
+ break;
if (server_fcgi_writechunk(clt) == -1) {
server_abort_http(clt, 500,
"encoding error");
