From b0732610112cb2066b5e43a47a11008edfacee02 Mon Sep 17 00:00:00 2001
From: Flavia Rainone
Date: Thu, 8 Jun 2023 01:22:47 -0300
Subject: [PATCH] [UNDERTOW-2280] CVE-2023-5379 At AjpReadListener, do not close the connection if read is larger than maxRequestSize
Signed-off-by: Flavia Rainone
---
 .../java/io/undertow/server/protocol/ajp/AjpReadListener.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/core/src/main/java/io/undertow/server/protocol/ajp/AjpReadListener.java b/core/src/main/java/io/undertow/server/protocol/ajp/AjpReadListener.java
index 8f9c94abb0..a9631b3717 100644
--- a/core/src/main/java/io/undertow/server/protocol/ajp/AjpReadListener.java
+++ b/core/src/main/java/io/undertow/server/protocol/ajp/AjpReadListener.java
@@ -19,6 +19,7 @@ package io.undertow.server.protocol.ajp;
 import io.undertow.UndertowLogger;
+import io.undertow.UndertowMessages;
 import io.undertow.UndertowOptions;
 import io.undertow.conduits.ConduitListener;
 import io.undertow.conduits.EmptyStreamSourceConduit;
@@ -165,8 +166,7 @@ public void handleEvent(final StreamSourceChannel channel) {
 }
 if (read > maxRequestSize) {
 UndertowLogger.REQUEST_LOGGER.requestHeaderWasTooLarge(connection.getPeerAddress(), maxRequestSize);
- safeClose(connection);
- return;
+ throw UndertowMessages.MESSAGES.badRequest();
 }
 } while (!state.isComplete());