return 400 Bad Request on malformed Host header

httpd-2.4.4-malformed-host.patch

@@ -0,0 +1,12 @@
+diff --git a/server/protocol.c b/server/protocol.c
+index e1ef204..d6d9165 100644
+--- a/server/protocol.c
++++ b/server/protocol.c
+@@ -1049,6 +1049,7 @@ request_rec *ap_read_request(conn_rec *conn)
+      * now read. may update status.
+      */
+     ap_update_vhost_from_headers(r);
++    access_status = r->status;
+ 
+     /* Toggle to the Host:-based vhost's timeout mode to fetch the
+      * request body and send the response body, if needed.

httpd.spec

@@ -14,7 +14,7 @@
 Summary: Apache HTTP Server
 Name: httpd
 Version: 2.4.4
-Release: 7%{?dist}
+Release: 8%{?dist}
 URL: http://httpd.apache.org/
 Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
 Source1: index.html
@@ -67,6 +67,7 @@ Patch51: httpd-2.4.3-sslsninotreq.patch
 Patch52: httpd-2.4.4-r1476674.patch
 Patch53: httpd-2.4.4-mod_cache-tmppath.patch
 Patch54: httpd-2.4.4-dump-vhost-twice.patch
+Patch55: httpd-2.4.4-malformed-host.patch
 License: ASL 2.0
 Group: System Environment/Daemons
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
@@ -194,6 +195,7 @@ interface for storing and accessing per-user session data.
 %patch52 -p1 -b .r1476674
 %patch53 -p1 -b .tmppath
 %patch54 -p1 -b .vhosttwice
+%patch55 -p1 -b .malformedhost
 
 # Patch in the vendor string
 sed -i '/^#define PLATFORM/s/Unix/%{vstring}/' os/unix/os.h
@@ -616,6 +618,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_sysconfdir}/rpm/macros.httpd
 
 %changelog
+* Fri May 31 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.4-8
+- return 400 Bad Request on malformed Host header
+
 * Fri May 24 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.4-7
 - ignore /etc/sysconfig/httpd and document systemd way of setting env variables
   in this file