File tomcat-connectors-1.2.26-src-CVE-2008-5519.patch of Package apache2-mod_jk

Index: tomcat-connectors-1.2.26-src/native/common/jk_ajp_common.c
===================================================================
--- tomcat-connectors-1.2.26-src.orig/native/common/jk_ajp_common.c	2007-12-17 16:01:32.000000000 +0100
+++ tomcat-connectors-1.2.26-src/native/common/jk_ajp_common.c	2009-10-12 11:42:22.065668378 +0200
@@ -1476,6 +1476,14 @@
             if ((len = ajp_read_into_msg_buff(ae, s, op->post, len, l)) < 0) {
                 /* the browser stop sending data, no need to recover */
                 op->recoverable = JK_FALSE;
+                /* Send an empty POST message since per AJP protocol
+                 * spec whenever we have content lenght the message
+                 * packet must be followed with initial POST packet.
+                 * Size zero will be handled as error in container.
+                 */
+                jk_b_reset(op->post);
+                jk_b_append_int(op->post, 0);
+                ajp_connection_tcp_send_message(ae, op->post, l);
                 JK_TRACE_EXIT(l);
                 return JK_CLIENT_RD_ERROR;
             }
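Review bot: The return value of `ajp_connection_tcp_send_message(ae, op->post, l)` is discarded, so if the empty body packet cannot be written the function still returns `JK_CLIENT_RD_ERROR` with nothing recorded about the state of the backend connection. The packet is there to keep the AJP stream in sync after a client aborts a request that declared a content length; if it does not go out, the container may still be waiting for body data, and the hunk does not show whether the endpoint is closed rather than reused on this path. Consider checking the result, e.g. `if (ajp_connection_tcp_send_message(ae, op->post, l) != JK_TRUE)`, followed by a `jk_log` call and whatever this file uses to keep the endpoint out of reuse. The added comment also misspells "length" as "lenght". The enclosing function starts and ends outside the hunk.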