From: Eric Covener <covener@apache.org>
Date: Fri, 3 Mar 2023 14:21:26 +0000 (+0000)
Subject: Merge r1906940 from trunk:
X-Git-Tag: 2.4.56-candidate~10
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=86369476a5f5ae5f3a7270b9ed50d9ff0db0fc91;p=thirdparty%2Fapache%2Fhttpd.git

Merge r1906940 from trunk:

* Report an error if the AJP backend sends an invalid number of headers

Reviewed By: rpluem, covener, ylavic


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1908026 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/changes-entries/ajp_invalid_number_of_headers.txt b/changes-entries/ajp_invalid_number_of_headers.txt
new file mode 100644
index 00000000000..86573046089
--- /dev/null
+++ b/changes-entries/ajp_invalid_number_of_headers.txt
@@ -0,0 +1,2 @@
+  *) mod_proxy_ajp: Report an error if the AJP backend sends an invalid number
+     of headers. [Ruediger Pluem]
diff --git a/modules/proxy/ajp_header.c b/modules/proxy/ajp_header.c
index b4dc47ccf50..a09a2e43a36 100644
--- a/modules/proxy/ajp_header.c
+++ b/modules/proxy/ajp_header.c
@@ -584,8 +584,15 @@ static apr_status_t ajp_unmarshal_response(ajp_msg_t *msg,
         r->headers_out = save_table;
     }
     else {
-        r->headers_out = NULL;
+        /*
+         * Reset headers, but not to NULL because things below the chain expect
+         * this to be non NULL e.g. the ap_content_length_filter.
+         */
+        r->headers_out = apr_table_make(r->pool, 1);
         num_headers = 0;
+        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10405)
+                "ajp_unmarshal_response: Bad number of headers");
+        return rc;
     }
 
     ap_log_rerror(APLOG_MARK, APLOG_TRACE4, 0, r,