From 92e14379e219e91d091b20f1e894076eda50f967 Mon Sep 17 00:00:00 2001
From: Stefan Eissing
Date: Mon, 14 Mar 2016 11:08:26 +0000
Subject: [PATCH] mod_http2: backport of fix for streams without :authority header
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1734917 13f79535-47bb-0310-9956-ffa450edef68
---
 CHANGES | 3 +++
 modules/http2/h2_request.c | 15 ++++++++++++---
 modules/http2/h2_util.c | 1 -
 modules/http2/h2_version.h | 4 ++--
 4 files changed, 17 insertions(+), 6 deletions(-)
diff --git a/CHANGES b/CHANGES
index ae2ef9c041..6a0115224e 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,9 @@ Changes with Apache 2.4.19
+ *) mod_http2: fixes incorrect denial of requests without :authority header.
+ [Stefan Eissing]
+
 *) mod_reqtimeout: Prevent long response times from triggering a timeout once the request has been fully read. PR 59045. [Yann Ylavic]
diff --git a/modules/http2/h2_request.c b/modules/http2/h2_request.c
index 18509dfc12..251c0c01fb 100644
--- a/modules/http2/h2_request.c
+++ b/modules/http2/h2_request.c
@@ -238,11 +238,20 @@ apr_status_t h2_request_end_headers(h2_request *req, apr_pool_t *pool,
 return APR_EINVAL;
 }
- /* Always set the "Host" header from :authority, see rfc7540, ch. 8.1.2.3 */
+ /* rfc7540, ch. 8.1.2.3:
+ * - if we have :authority, it overrides any Host header
+ * - :authority MUST be ommited when converting h1->h2, so we
+ * might get a stream without, but then Host needs to be there */
 if (!req->authority) {
- return APR_BADARG;
+ const char *host = apr_table_get(req->headers, "Host");
+ if (!host) {
+ return APR_BADARG;
+ }
+ req->authority = host;
+ }
+ else {
+ apr_table_setn(req->headers, "Host", req->authority);
 }
- apr_table_setn(req->headers, "Host", req->authority);
 s = apr_table_get(req->headers, "Content-Length");
 if (s) {
diff --git a/modules/http2/h2_util.c b/modules/http2/h2_util.c
index 71a3ff90a6..904349658c 100644
--- a/modules/http2/h2_util.c
+++ b/modules/http2/h2_util.c
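Review bot: In the `!req->authority` branch of the h2_request.c hunk the fallback rejects only a missing Host, so an empty value, or whatever the table holds if the stream carried more than one `host` field, is copied into `req->authority` unchanged. If an empty authority is never meaningful here, `if (!host || !*host) { return APR_BADARG; }` would close that case. The value is client-supplied, and the h2_util.c hunk in this patch appears to stop dropping `host` on input, so a comment such as `/* Host comes from the client and is not syntax-checked here */` would tell the next reader that any validation has to happen elsewhere; none is visible in this hunk. `req->authority` now also aliases the string held in `req->headers` rather than a copy, which holds only as long as that table entry is not replaced. h2_request_end_headers starts and ends outside the hunk.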
@@ -1070,7 +1070,6 @@ typedef struct {
 #define H2_LIT_ARGS(a) (a),H2_ALEN(a)
 static literal IgnoredRequestHeaders[] = {
- H2_DEF_LITERAL("host"),
 H2_DEF_LITERAL("expect"),
 H2_DEF_LITERAL("upgrade"),
 H2_DEF_LITERAL("connection"),
diff --git a/modules/http2/h2_version.h b/modules/http2/h2_version.h
index 9677bc1a75..ddb5f3de56 100644
--- a/modules/http2/h2_version.h
+++ b/modules/http2/h2_version.h
@@ -26,7 +26,7 @@
 * @macro
 * Version number of the http2 module as c string
 */
-#define MOD_HTTP2_VERSION "1.4.0"
+#define MOD_HTTP2_VERSION "1.4.1"
 /**
 * @macro
@@ -34,7 +34,7 @@
 * release. This is a 24 bit number with 8 bits for major number, 8 bits
 * for minor and 8 bits for patch. Version 1.2.3 becomes 0x010203.
 */
-#define MOD_HTTP2_VERSION_NUM 0x010400
+#define MOD_HTTP2_VERSION_NUM 0x010401
 #endif /* mod_h2_h2_version_h */
--
2.40.0