File CVE-2025-49630.patch of Package apache2.39827

From 88304321841a2fe8bd5eacc70e69418b0b545ca5 Mon Sep 17 00:00:00 2001
From: Eric Covener <covener@apache.org>
Date: Mon, 7 Jul 2025 12:05:49 +0000
Subject: [PATCH] backport 1927036 from trunk

  tolerate missing host header in h2 proxy

Reviewed By: jorton, icing, rpluem



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1927044 13f79535-47bb-0310-9956-ffa450edef68
---
 modules/http2/h2_proxy_session.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/modules/http2/h2_proxy_session.c b/modules/http2/h2_proxy_session.c
index d5d0f9bc6bc..2cfbb5f5d4b 100644
--- a/modules/http2/h2_proxy_session.c
+++ b/modules/http2/h2_proxy_session.c
@@ -850,6 +850,18 @@ static apr_status_t open_stream(h2_proxy_session *session, const char *url,
     dconf = ap_get_module_config(r->per_dir_config, &proxy_module);
     if (dconf->preserve_host) {
         authority = orig_host;
+        if (!authority) {
+            /* Duplicate mod_proxy behaviour if ProxyPreserveHost is
+             * used but an "HTTP/0.9" request is received without a
+             * Host: header */
+            authority = r->server->server_hostname;
+            ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(10511)
+                          "HTTP/0.9 request (with no host line) "
+                          "on incoming request and preserve host set "
+                          "forcing hostname to be %s for uri %s",
+                          authority, r->uri);
+            apr_table_setn(r->headers_in, "Host", authority);
+        }
     }
     else {
         authority = puri.hostname;