* Ensure that proto_num and protocol is set in another "error out early" edge

  case. This can happen with invalid CONNECT requests as described in the PR.

PR: 58929

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1727544 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index fb4f1daa5f7a746677c56823f34a79dbeb9beda6..409be611aa0d564ed8fe9a70579957377344c0cf 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,10 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.5.0
 
+  *) core: Prevent a server crash in case of an invalid CONNECT request with
+     a custom error page for status code 400 that uses server side includes.
+     PR 58929 [Ruediger Pluem]
+
   *) mod_ssl: Add SSLOCSPProxyURL to add the possibility to do all queries
      to OCSP responders through a HTTP proxy. [Ruediger Pluem]
 

diff --git a/server/protocol.c b/server/protocol.c
index f36e9bdad9540125e48d304da06c65768ccf9389..27cd706ce4c16042ebeea1fc5da55d00ca95e10c 100644 (file)
--- a/server/protocol.c
+++ b/server/protocol.c
@@ -647,6 +647,8 @@ static int read_request_line(request_rec *r, apr_bucket_brigade *bb)
 
     ap_parse_uri(r, uri);
     if (r->status != HTTP_OK) {
+        r->proto_num = HTTP_VERSION(1,0);
+        r->protocol  = apr_pstrdup(r->pool, "HTTP/1.0");
         return 0;
     }