Correctly align the behavior of headers_in to be consistent with the

treatment of headers_out, resolving PR 48359 by keeping subrequest scope changes out of the main request headers. This ensures that all requests-without-bodies behave as the requests-with-bodies code has. Mitre: CVE-2010-0434 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@901578 13f79535-47bb-0310-9956-ffa450edef68
2025-08-08 15:02:10 +03:00 · 2010-01-21 07:19:41 +00:00
parent 3250344992
commit 115c1e496d
4 changed files with 25 additions and 30 deletions
--- a/modules/http/http_request.c
+++ b/modules/http/http_request.c
@@ -442,7 +442,7 @@ static request_rec *internal_internal_redirect(const char *new_uri,
    new->request_time    = r->request_time;
    new->main            = r->main;

-    new->headers_in      = r->headers_in;
+    new->headers_in      = apr_table_copy(r->pool, r->headers_in);
    new->headers_out     = apr_table_make(r->pool, 12);
    new->err_headers_out = r->err_headers_out;
    new->subprocess_env  = rename_original_env(r->pool, r->subprocess_env);
@@ -515,6 +515,8 @@ AP_DECLARE(void) ap_internal_fast_redirect(request_rec *rr, request_rec *r)
    r->per_dir_config = rr->per_dir_config;
    /* copy output headers from subrequest, but leave negotiation headers */
    r->notes = apr_table_overlay(r->pool, rr->notes, r->notes);
+    r->headers_in = apr_table_overlay(r->pool, rr->headers_in,
+                                      r->headers_in);
    r->headers_out = apr_table_overlay(r->pool, rr->headers_out,
                                       r->headers_out);
    r->err_headers_out = apr_table_overlay(r->pool, rr->err_headers_out,