Description: Initialize the request fields on read failure to avoid NULLs
Origin: upstream, https://github.com/apache/httpd/commit/74c097f0, https://github.com/apache/httpd/commit/6945bb2
Bug: https://security-tracker.debian.org/tracker/CVE-2021-34798
Forwarded: not-needed
Reviewed-By: Yadd
Last-Update: 2021-09-21
--- a/server/protocol.c
+++ b/server/protocol.c
@@ -643,6 +643,8 @@
 return end - field;
 }
 
+static const char m_invalid_str[] = "-";
+
 static int read_request_line(request_rec *r, apr_bucket_brigade *bb)
 {
 enum {
@@ -685,6 +687,11 @@
 if (rv != APR_SUCCESS) {
 r->request_time = apr_time_now();
 
+ /* Fall through with an invalid (non NULL) request */
+ r->method = m_invalid_str;
+ r->method_number = M_INVALID;
+ r->uri = r->unparsed_uri = apr_pstrdup(r->pool, "-");
+
 /* ap_rgetline returns APR_ENOSPC if it fills up the
 * buffer before finding the end-of-line. This is only going to
 * happen if it exceeds the configured limit for a request-line.
@@ -1330,7 +1337,7 @@
 "request failed: client's request-line exceeds LimitRequestLine (longer than %d)",
 r->server->limit_req_line);
 }
- else if (r->method == NULL) {
+ else if (r->method == m_invalid_str) {
 ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(00566)
 "request failed: malformed request line");
 }
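Review bot: `m_invalid_str` in the first hunk is defined without a comment, although the third hunk tests `r->method == m_invalid_str` by address, so it is the pointer's identity, not the string "-", that marks a failed request-line read. I would add above the definition `/* Sentinel for r->method after a failed request-line read; compared by address, never by content. */`. That records why a later cleanup must not turn the test into a `strcmp`, since a method token that merely reads `-` would then presumably be reported as a read failure. Comparing `r->method_number == M_INVALID` is not an obvious substitute either, as far as one can tell from the hunks, because nothing here shows that value is reserved for this path.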
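Review bot: In the second hunk `r->uri = r->unparsed_uri = apr_pstrdup(r->pool, "-");` leaves both fields pointing at one pool buffer, so any later code that rewrites `r->uri` in place would silently change `unparsed_uri` as well; whether such code runs on this failure path is not visible from the hunk. Two copies keep them independent and reuse the sentinel text instead of a second literal: `r->uri = apr_pstrdup(r->pool, m_invalid_str);` and `r->unparsed_uri = apr_pstrdup(r->pool, m_invalid_str);`. The added comment could also say that consumers which used to detect a failed read through `r->method == NULL` or `r->uri == NULL` will now see "-" and have to be checked, since the patch only converts the one test in the third hunk. The `if (rv != APR_SUCCESS)` block continues past the end of the hunk.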