From 8c162db8b65b2193e622b780e8c6516d4265f68b Mon Sep 17 00:00:00 2001
From: Yann Ylavic <ylavic@apache.org>
Date: Mon, 11 May 2015 15:48:58 +0000
Subject: [PATCH] mod_proxy_http: follow up to r1656259. The proxy connection
 may be NULL during prefetch, don't try to dereference it! Still
 origin->keepalive will be set according to p_conn->close by the caller
 (proxy_http_handler).

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1678771 13f79535-47bb-0310-9956-ffa450edef68

Upstream-Status: Backport
CVE: CVE-2020-35504

Reference to upstream patch:
https://bugzilla.redhat.com/show_bug.cgi?id=1966738
https://github.com/apache/httpd/commit/8c162db8b65b2193e622b780e8c6516d4265f68b

Signed-off-by: Li Wang <li.wang@windriver.com>
---
 modules/proxy/mod_proxy_http.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/modules/proxy/mod_proxy_http.c b/modules/proxy/mod_proxy_http.c
index ec1e042..5f507d5 100644
--- a/modules/proxy/mod_proxy_http.c
+++ b/modules/proxy/mod_proxy_http.c
@@ -570,7 +570,6 @@ static int ap_proxy_http_prefetch(proxy_http_req_t *req,
     apr_off_t bytes;
     int force10, rv;
     apr_read_type_e block;
-    conn_rec *origin = p_conn->connection;
 
     if (apr_table_get(r->subprocess_env, "force-proxy-request-1.0")) {
         if (req->expecting_100) {
@@ -630,7 +629,6 @@ static int ap_proxy_http_prefetch(proxy_http_req_t *req,
                       "chunked body with Content-Length (C-L ignored)",
                       c->client_ip, c->remote_host ? c->remote_host: "");
         req->old_cl_val = NULL;
-        origin->keepalive = AP_CONN_CLOSE;
         p_conn->close = 1;
     }
 
-- 
2.7.4