Merge r1906940 from trunk:

author Eric Covener <covener@apache.org>

Fri, 3 Mar 2023 14:21:26 +0000 (14:21 +0000)

committer Eric Covener <covener@apache.org>

Fri, 3 Mar 2023 14:21:26 +0000 (14:21 +0000)
author Eric Covener <covener@apache.org>
Fri, 3 Mar 2023 14:21:26 +0000 (14:21 +0000)
committer Eric Covener <covener@apache.org>
Fri, 3 Mar 2023 14:21:26 +0000 (14:21 +0000)
diff --git a/changes-entries/ajp_invalid_number_of_headers.txt b/changes-entries/ajp_invalid_number_of_headers.txt

new file mode 100644 (file)

index 0000000..8657304
--- /dev/null
+++ b/changes-entries/ajp_invalid_number_of_headers.txt
@@ -0,0 +1,2 @@
+  *) mod_proxy_ajp: Report an error if the AJP backend sends an invalid number
+     of headers. [Ruediger Pluem]
diff --git a/modules/proxy/ajp_header.c b/modules/proxy/ajp_header.c

index b4dc47ccf501a30f2203c3d87ca753f169de8b50..a09a2e43a363eae2c7093cacabcbc5a6f7689c59 100644 (file)
--- a/modules/proxy/ajp_header.c
+++ b/modules/proxy/ajp_header.c
@@ -584,8 +584,15 @@ static apr_status_t ajp_unmarshal_response(ajp_msg_t *msg,
          r->headers_out = save_table;
      }
      else {
-        r->headers_out = NULL;
+        /*
+         * Reset headers, but not to NULL because things below the chain expect
+         * this to be non NULL e.g. the ap_content_length_filter.
+         */
+        r->headers_out = apr_table_make(r->pool, 1);
          num_headers = 0;
+        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10405)
+                "ajp_unmarshal_response: Bad number of headers");
+        return rc;
      }
  
      ap_log_rerror(APLOG_MARK, APLOG_TRACE4, 0, r,
author	Eric Covener <covener@apache.org>
	Fri, 3 Mar 2023 14:21:26 +0000 (14:21 +0000)
committer	Eric Covener <covener@apache.org>
	Fri, 3 Mar 2023 14:21:26 +0000 (14:21 +0000)
changes-entries/ajp_invalid_number_of_headers.txt	[new file with mode: 0644]	patch \| blob
modules/proxy/ajp_header.c		patch \| blob \| blame \| history