ISAPI answer to "Microsoft IIS False Content-Length Field DoS Vulnerability" ?

From: Bob at firstcodings (bob@firstcodings.net)
Date: 12/18/01


From: "Bob at firstcodings" <bob@firstcodings.net>
To: <focus-ms@lists.securityfocus.com>
Date: Tue, 18 Dec 2001 20:24:52 +0100


 Hi.

Here is my OnPreprocHeaders callback :

DWORD CBlockHeaderFilter::OnPreprocHeaders(CHttpFilterContext* pCtxt,
    PHTTP_FILTER_PREPROC_HEADERS pHeaderInfo)
{
    // Debug marker so the response shows that the filter ran.
    pCtxt->AddResponseHeaders("X-CustomDebug: OnPreprocHeaders\r\n", 0);
    // Setting an empty value removes the header from the request.
    pHeaderInfo->SetHeader(pCtxt->m_pFC, "Content-Length:", "");
    return SF_STATUS_REQ_NEXT_NOTIFICATION;
}

This piece of code always removes the "Content-Length" header; I think it
works (tested on my box), but I don't know how IIS reacts when there is no
more "Content-Length" client header. What is it used for ?
Could someone tell me ?

By the way, the following callback seems to reproduce the exploit
(http://www.securityfocus.com/cgi-bin/vulns-item.pl?section=exploit&id=3667):

DWORD CBlockHeaderFilter::OnPreprocHeaders(CHttpFilterContext* pCtxt,
    PHTTP_FILTER_PREPROC_HEADERS pHeaderInfo)
{
    // Overwrites the client's Content-Length with a fixed value.
    pHeaderInfo->SetHeader(pCtxt->m_pFC, "Content-Length:", "5300643");
    return SF_STATUS_REQ_NEXT_NOTIFICATION;
}

Bob.
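
Added example, not part of the post above and not code from IIS or the ISAPI SDK: a filter that inspects the client's Content-Length instead of blanking it first needs a strict parser for the value. CheckContentLength, ClVerdict and the 1 MiB kMaxBody limit are hypothetical names and values; wiring the verdict into OnPreprocHeaders is left out, and nothing here is claimed to fix the IIS issue itself.

```cpp
// Added example (not from the original post): strict Content-Length check.
#include <cstdint>
#include <cstdio>
#include <string>

// Decision a header filter could act on. Names are hypothetical.
enum class ClVerdict { Absent, Ok, Malformed, TooLarge };

// Site-chosen cap on request bodies (assumed value, 1 MiB).
const std::uint64_t kMaxBody = 1024 * 1024;

// Parse a raw Content-Length value as a filter would read it from the
// request. Accepts only optional surrounding spaces/tabs and ASCII digits.
ClVerdict CheckContentLength(const std::string& raw, std::uint64_t limit,
                             std::uint64_t* parsed)
{
    std::size_t b = raw.find_first_not_of(" \t");
    if (b == std::string::npos) return ClVerdict::Absent;    // empty or blank
    std::size_t e = raw.find_last_not_of(" \t");
    std::uint64_t n = 0;
    for (std::size_t i = b; i <= e; ++i) {
        char c = raw[i];
        if (c < '0' || c > '9') return ClVerdict::Malformed; // sign, hex, "1, 2"
        std::uint64_t d = static_cast<std::uint64_t>(c - '0');
        // Stop before the multiply wraps, so a huge value cannot look small.
        if (n > (UINT64_MAX - d) / 10) return ClVerdict::TooLarge;
        n = n * 10 + d;
    }
    if (parsed) *parsed = n;
    return n > limit ? ClVerdict::TooLarge : ClVerdict::Ok;
}

int main()
{
    // Constructed sample values, including the one used in the post.
    const char* samples[] = { "", "42", "5300643", "-1", "0x10",
                              "99999999999999999999999" };
    for (const char* s : samples) {
        std::uint64_t n = 0;
        ClVerdict v = CheckContentLength(s, kMaxBody, &n);
        std::printf("%-26s -> verdict %d\n", s, static_cast<int>(v));
    }
    return 0;
}
```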