Merge r764239 from trunk:

* Check more strictly that the backend follows the AJP protocol.

Submitted by: mturk
Reviewed by: rpluem, jim, jfclere

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@768507 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index 013398d3cf0f34f633bbb98e935d60da2c544795..5fecdafcee1bfb60dec7e3d9d9e0b192d95ac4f0 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -5,6 +5,9 @@ Changes with Apache 2.2.12
      mod_proxy_ajp: Avoid delivering content from a previous request which
      failed to send a request body. PR 46949 [Ruediger Pluem]
 
+  *) mod_proxy_ajp: Check more strictly that the backend follows the AJP
+     protocol. [Mladen Turk]
+
   *) mod_ssl: Add SSLProxyCheckPeerExpire and SSLProxyCheckPeerCN directives
      to enable stricter checking of remote server certificates.
      [Ruediger Pluem]

diff --git a/STATUS b/STATUS
index 0f4d79ef9ba12b70296dd2674454fe7b77cc9443..360b4e780d321951f927ec5d49736922002f3eec 100644 (file)
--- a/STATUS
+++ b/STATUS
@@ -87,12 +87,6 @@ RELEASE SHOWSTOPPERS:
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
 
- * mod_proxy_ajp: Check more strictly that the backend follows the AJP protocol.
-   Trunk version of patch:
-      http://svn.apache.org/viewvc?rev=764239&view=rev
-   Backport version for 2.2.x of patch:
-     Trunk version of patch works
-  +1: rpluem, jim, jfclere
 
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
   [ New proposals should be added at the end of the list ]

diff --git a/modules/proxy/mod_proxy_ajp.c b/modules/proxy/mod_proxy_ajp.c
index 6601cb2c8868271ea47804c24a46caf296278716..66693aa9bfec64ecc718336d3984d081a30edcfc 100644 (file)
--- a/modules/proxy/mod_proxy_ajp.c
+++ b/modules/proxy/mod_proxy_ajp.c
@@ -180,6 +180,7 @@ static int ap_proxy_ajp_request(apr_pool_t *p, request_rec *r,
     int backend_failed = 0;
     apr_off_t bb_len;
     int data_sent = 0;
+    int request_ended = 0;
     int headers_sent = 0;
     int rv = 0;
     apr_int32_t conn_poll_fd;
@@ -415,6 +416,15 @@ static int ap_proxy_ajp_request(apr_pool_t *p, request_rec *r,
                 }
                 break;
             case CMD_AJP13_SEND_HEADERS:
+                if (headers_sent) {
+                    /* Do not send anything to the client.
+                     * Backend already send us the headers.
+                     */
+                    backend_failed = 1;
+                    ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
+                                 "proxy: Backend sent headers twice.");
+                    break;
+                }
                 /* AJP13_SEND_HEADERS: process them */
                 status = ajp_parse_header(r, conf, conn->data);
                 if (status != APR_SUCCESS) {
@@ -480,6 +490,7 @@ static int ap_proxy_ajp_request(apr_pool_t *p, request_rec *r,
                 }
                 /* XXX: what about flush here? See mod_jk */
                 data_sent = 1;
+                request_ended = 1;
                 break;
             default:
                 backend_failed = 1;
@@ -536,6 +547,17 @@ static int ap_proxy_ajp_request(apr_pool_t *p, request_rec *r,
             rv = DONE;
         }
     }
+    else if (!request_ended) {
+        ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
+                     "proxy: Processing of request didn't terminate cleanly");
+        /* We had a failure: Close connection to backend */
+        conn->close++;
+        backend_failed = 1;
+        /* Return DONE to avoid error messages being added to the stream */
+        if (data_sent) {
+            rv = DONE;
+        }
+    }
     else {
         ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
                      "proxy: got response from %pI (%s)",