From: Ruediger Pluem <rpluem@apache.org>
Date: Mon, 23 Jan 2023 08:59:14 +0000 (+0000)
Subject: * Report an error if the AJP backend sends an invalid number of headers
X-Git-Tag: 2.5.0-alpha2-ci-test-only~139
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=296a99c3102e4dd91153a8fb732275b804f001fc;p=thirdparty%2Fapache%2Fhttpd.git

* Report an error if the AJP backend sends an invalid number of headers

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1906940 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/changes-entries/ajp_invalid_number_of_headers.txt b/changes-entries/ajp_invalid_number_of_headers.txt
new file mode 100644
index 00000000000..86573046089
--- /dev/null
+++ b/changes-entries/ajp_invalid_number_of_headers.txt
@@ -0,0 +1,2 @@
+  *) mod_proxy_ajp: Report an error if the AJP backend sends an invalid number
+     of headers. [Ruediger Pluem]
diff --git a/modules/proxy/ajp_header.c b/modules/proxy/ajp_header.c
index b4dc47ccf50..a09a2e43a36 100644
--- a/modules/proxy/ajp_header.c
+++ b/modules/proxy/ajp_header.c
@@ -584,8 +584,15 @@ static apr_status_t ajp_unmarshal_response(ajp_msg_t *msg,
         r->headers_out = save_table;
     }
     else {
-        r->headers_out = NULL;
+        /*
+         * Reset headers, but not to NULL because things below the chain expect
+         * this to be non NULL e.g. the ap_content_length_filter.
+         */
+        r->headers_out = apr_table_make(r->pool, 1);
         num_headers = 0;
+        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10405)
+                "ajp_unmarshal_response: Bad number of headers");
+        return rc;
     }
 
     ap_log_rerror(APLOG_MARK, APLOG_TRACE4, 0, r,