Strange header hash collisions making tomcat keel over

[vidiecan]

Our setup:

• nginx 1.8.0
• nginx-headers-more-module - https://github.com/openresty/headers-more-nginx-module/archive/v0.26.tar.gz
• nginx-ajp-module - this one
• nginx-shib-module (https://github.com/nginx-shib/nginx-http-shibboleth/archive/master.tar.gz)
• openssl-1.0.2d
• tomcat8

Problem: The problem was that users using firefox 40 could not authenticate to our service and were stuck in one of the redirects served by tomcat. The problem was tracked to an invalid ajp message sent to tomcat which silently keeled over. Furthermore it was tracked to ngx_http_ajp.c to

if ((sc = sc_for_req_header(&header[i])) != UNKNOWN_METHOD) {
                if (ajp_msg_append_uint16(msg, (uint16_t)sc)) {
                    ngx_log_error(NGX_LOG_ERR, log, 0,
                                  "ajp_marshal_into_msgb: "
                                  "Error appending the header name");
                    return AJP_EOVERFLOW;
                }
            }
            else {
                if (ajp_msg_append_string(msg, &header[i].key)) {
                    ngx_log_error(NGX_LOG_ERR, log, 0,
                                  "ajp_marshal_into_msgb: "
                                  "Error appending the header name");
                    return AJP_EOVERFLOW;
                }
            }

where headers like REMOTE_USER, AUTH_TYPE had the same hashes?! as some of the request_known_headers_t and the keys were not added to the message. That is clearly incorrect. Tomcat refused to decode the message and silently returned 500.

[vidiecan]

tracked down to a problem in nginx-http-shibboleth where headers are reinserted but hash is not initialised