From 0cd947c545b13ce316d36bda21476ace5b2b3483 Mon Sep 17 00:00:00 2001
From: Yorhel <git@yorhel.nl>
Date: Fri, 25 Apr 2025 09:31:43 +0200
Subject: [PATCH] FastCGI: Ignore HTTP_CONTENT_(TYPE|LENGTH)

The non-HTTP_ versions of these are authoritative, Also fixes a memory
leak when both the HTTP_ and non-HTTP_ versions are included.
---
 c/fcgi.c | 7 +++++--
 t/fcgi.t | 7 +++++++
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/c/fcgi.c b/c/fcgi.c
index fdf8cae..4f886dd 100644
--- a/c/fcgi.c
+++ b/c/fcgi.c
@@ -319,8 +319,11 @@ static int fufcgi_read_params(pTHX_ fufcgi *ctx, fufcgi_rec *rec) {
                 p.name += 5;
                 for (r=0; r<p.namelen; r++)
                     p.name[r] = p.name[r] == '_' ? '-' : p.name[r] >= 'A' && p.name[r] <= 'Z' ? p.name[r] | 0x20 : p.name[r];
-                valsv = newSV(p.vallen+1);
-                hv_store(ctx->headers, p.name, p.namelen, valsv, 0);
+                if (!(p.namelen == 14 && memcmp(p.name, "content-length", 14) == 0)
+                        && !(p.namelen == 12 && memcmp(p.name, "content-type", 12) == 0)) {
+                    valsv = newSV(p.vallen+1);
+                    hv_store(ctx->headers, p.name, p.namelen, valsv, 0);
+                }
 
             } else if (p.namelen == 14 && memcmp(p.name, "CONTENT_LENGTH", 14) == 0) {
                 valsv = newSV(p.vallen+1);
diff --git a/t/fcgi.t b/t/fcgi.t
index 0711d6a..d7860dc 100644
--- a/t/fcgi.t
+++ b/t/fcgi.t
@@ -167,6 +167,13 @@ record 1, 4, "\x0c\x05CONTENT_TYPEsomet";
 record 1, 2, "";
 isrec {'content-type','somet'}, {body => ''}, -6;
 
+start;
+begin;
+record 1, 4, "\x13\x01HTTP_CONTENT_LENGTH3\x0e\x01CONTENT_LENGTH0\x13\x01HTTP_CONTENT_LENGTH5";
+record 1, 4, "";
+record 1, 5, "";
+isrec {'content-length','0'}, {body => ''};
+
 start;
 begin;
 record 1, 4, "\x0e\x05CONTENT_LENGTH65536";