Blame SOURCES/httpd-2.4.34-CVE-2018-17189.patch

ad4e62
diff --git a/modules/http2/h2_conn.c b/modules/http2/h2_conn.c
ad4e62
index 2e956593aa..88da2bab3e 100644
ad4e62
--- a/modules/http2/h2_conn.c
ad4e62
+++ b/modules/http2/h2_conn.c
ad4e62
@@ -354,6 +354,15 @@ apr_status_t h2_slave_run_pre_connection(conn_rec *slave, apr_socket_t *csd)
ad4e62
          * (Not necessarily in pre_connection, but later. Set it here, so it
ad4e62
          * is in place.) */
ad4e62
         slave->keepalives = 1;
ad4e62
+        /* We signal that this connection will be closed after the request.
ad4e62
+         * Which is true in that sense that we throw away all traffic data
ad4e62
+         * on this slave connection after each requests. Although we might
ad4e62
+         * reuse internal structures like memory pools.
ad4e62
+         * The wanted effect of this is that httpd does not try to clean up
ad4e62
+         * any dangling data on this connection when a request is done. Which
ad4e62
+         * is unneccessary on a h2 stream.
ad4e62
+         */
ad4e62
+        slave->keepalive = AP_CONN_CLOSE;
ad4e62
         return ap_run_pre_connection(slave, csd);
ad4e62
     }
ad4e62
     return APR_SUCCESS;