From ece6bf4363980019bff0c7f676792a6112d1b424 Mon Sep 17 00:00:00 2001
From: Stefan Eissing <icing@apache.org>
Date: Wed, 21 Jun 2023 12:08:06 +0000
Subject: [PATCH] http_protocol: make request processing more robust for
 incomplete data

- Length restrictions may error on a too long request path, leaving
  the uri unset.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1910533 13f79535-47bb-0310-9956-ffa450edef68
---
 server/protocol.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/server/protocol.c b/server/protocol.c
index f9ab8b52f0a..9ac4e3fe929 100644
--- a/server/protocol.c
+++ b/server/protocol.c
@@ -1368,9 +1368,16 @@ AP_DECLARE(request_rec *) ap_read_request(conn_rec *conn)
             headers = breq->headers? apr_table_clone(r->pool, breq->headers) : NULL;
         }
 
+        if (!method || !uri || !protocol) {
+            access_status = berr? ((ap_bucket_error *)(berr->data))->status :
+                                  HTTP_INTERNAL_SERVER_ERROR;
+            goto die_unusable_input;
+        }
+
         if (headers) {
             r->headers_in = headers;
         }
+
         ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r,
                       "checking request: %s %s %s",
                       method, uri, protocol);