Fix CVE-2016-8740 (mod_http2: properly crafted, endless HTTP/2 CONTINUATION frames could be used to exhaust all server's memory.): https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8740 https://httpd.apache.org/security/vulnerabilities_24.html Patched copied from upstream mailing list: https://mail-archives.apache.org/mod_mbox/httpd-announce/201612.mbox/%3C1A097A43-7CCB-4BA1-861F-E0C7EEE83A4B%40apache.org%3E
Index: modules/http2/h2_stream.c
===================================================================
--- a/modules/http2/h2_stream.c (revision 1771866)
+++ b/modules/http2/h2_stream.c (working copy)
@@ -322,18 +322,18 @@
 HTTP_REQUEST_HEADER_FIELDS_TOO_LARGE);
 }
 }
- }
-
- if (h2_stream_is_scheduled(stream)) {
- return h2_request_add_trailer(stream->request, stream->pool,
- name, nlen, value, vlen);
- }
- else {
- if (!input_open(stream)) {
- return APR_ECONNRESET;
+
+ if (h2_stream_is_scheduled(stream)) {
+ return h2_request_add_trailer(stream->request, stream->pool,
+ name, nlen, value, vlen);
 }
- return h2_request_add_header(stream->request, stream->pool,
- name, nlen, value, vlen);
+ else {
+ if (!input_open(stream)) {
+ return APR_ECONNRESET;
+ }
+ return h2_request_add_header(stream->request, stream->pool,
+ name, nlen, value, vlen);
+ }
 }
 }
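Review bot: The new side leaves no `return` between the last two closing braces of the hunk, because both the trailer and header returns now sit inside the enclosing block. The function's opening lines and that block's condition are outside the hunk, so this is inferred: if the final `}` ends the function, a call that skips the block falls off the end of a value-returning function and the caller reads an indeterminate status. That matters here because the caller presumably uses the result to decide whether to keep accepting header frames on the stream. I would make the ignored-header path explicit before the final brace, for example `return APR_SUCCESS;` (or whichever status the caller treats as "header dropped, continue"), with a short comment such as `/* response already started: header is ignored */` once the condition is confirmed.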