*) mod_http2: update to version 2.0.41

author Stefan Eissing <icing@apache.org>

Wed, 27 May 2026 09:37:31 +0000 (09:37 +0000)

committer Stefan Eissing <icing@apache.org>

Wed, 27 May 2026 09:37:31 +0000 (09:37 +0000)
author Stefan Eissing <icing@apache.org>
Wed, 27 May 2026 09:37:31 +0000 (09:37 +0000)
committer Stefan Eissing <icing@apache.org>
Wed, 27 May 2026 09:37:31 +0000 (09:37 +0000)
diff --git a/changes-entries/h2_v2.0.41.txt b/changes-entries/h2_v2.0.41.txt

new file mode 100644 (file)

index 0000000..4d7df59
--- /dev/null
+++ b/changes-entries/h2_v2.0.41.txt
@@ -0,0 +1,3 @@
+  *) mod_http2: update to version 2.0.41
+     Fix cookie header accounting against LimitRequestFields.
+     [Stefan Eissing]
diff --git a/modules/http2/h2_util.c b/modules/http2/h2_util.c

index b377ff77f1b1955c07475f99b50a7bf3e0095af8..b3039451f398fa5abaf76f5d9317d48bf54d804b 100644 (file)
--- a/modules/http2/h2_util.c
+++ b/modules/http2/h2_util.c
@@ -1708,6 +1708,8 @@ static apr_status_t req_add_header(apr_table_t *headers, apr_pool_t *pool,
               && !ap_cstr_casecmpn("cookie", (const char *)nv->name, nv->namelen)) {
          existing = apr_table_get(headers, "cookie");
          if (existing) {
+            if (!nv->valuelen)
+                return APR_SUCCESS;
              /* Cookie header come separately in HTTP/2, but need
               * to be merged by "; " (instead of default ", ")
               */
@@ -1719,6 +1721,8 @@ static apr_status_t req_add_header(apr_table_t *headers, apr_pool_t *pool,
              apr_table_setn(headers, "Cookie",
                             apr_psprintf(pool, "%s; %.*s", existing,
                                          (int)nv->valuelen, nv->value));
+            /* Treat the merge as an "add" to not escape LimitRequestFields */
+            *pwas_added = 1;
              return APR_SUCCESS;
          }
      }
diff --git a/modules/http2/h2_version.h b/modules/http2/h2_version.h

index 1d7113f58bdcd7e836e66dd528b2ab94a085ebda..cc0164e080d73f601060513cc9dafcff2f5dd6b5 100644 (file)
--- a/modules/http2/h2_version.h
+++ b/modules/http2/h2_version.h
@@ -27,7 +27,7 @@
   * @macro
   * Version number of the http2 module as c string
   */
-#define MOD_HTTP2_VERSION "2.0.40"
+#define MOD_HTTP2_VERSION "2.0.41"
  
  /**
   * @macro
@@ -35,7 +35,7 @@
   * release. This is a 24 bit number with 8 bits for major number, 8 bits
   * for minor and 8 bits for patch. Version 1.2.3 becomes 0x010203.
   */
-#define MOD_HTTP2_VERSION_NUM 0x020028
+#define MOD_HTTP2_VERSION_NUM 0x020029
  
  
  #endif /* mod_h2_h2_version_h */
author	Stefan Eissing <icing@apache.org>
	Wed, 27 May 2026 09:37:31 +0000 (09:37 +0000)
committer	Stefan Eissing <icing@apache.org>
	Wed, 27 May 2026 09:37:31 +0000 (09:37 +0000)
changes-entries/h2_v2.0.41.txt	[new file with mode: 0644]	patch \| blob
modules/http2/h2_util.c		patch \| blob \| blame \| history
modules/http2/h2_version.h		patch \| blob \| blame \| history