[packages/tomcat.git] / tomcat-CVE-2016-5388.patch

--- apache-tomcat-7.0.70-src/java/org/apache/catalina/servlets/CGIServlet.java.orig	2016-06-15 18:45:50.000000000 +0200
+++ apache-tomcat-7.0.70-src/java/org/apache/catalina/servlets/CGIServlet.java	2016-07-19 15:35:56.656316104 +0200
@@ -1107,7 +1107,8 @@ public final class CGIServlet extends Ht
                 //REMIND: change character set
                 //REMIND: I forgot what the previous REMIND means
                 if ("AUTHORIZATION".equalsIgnoreCase(header) ||
-                    "PROXY_AUTHORIZATION".equalsIgnoreCase(header)) {
+                    "PROXY_AUTHORIZATION".equalsIgnoreCase(header) ||
+                    "PROXY".equalsIgnoreCase(header)) {
                     //NOOP per CGI specification section 11.2
                 } else {
                     envp.put("HTTP_" + header.replace('-', '_'),
Commit	Line	Data
0d6b705c AM	1	--- apache-tomcat-7.0.70-src/java/org/apache/catalina/servlets/CGIServlet.java.orig 2016-06-15 18:45:50.000000000 +0200
	2	+++ apache-tomcat-7.0.70-src/java/org/apache/catalina/servlets/CGIServlet.java 2016-07-19 15:35:56.656316104 +0200
	3	@@ -1107,7 +1107,8 @@ public final class CGIServlet extends Ht
	4	//REMIND: change character set
	5	//REMIND: I forgot what the previous REMIND means
	6	if ("AUTHORIZATION".equalsIgnoreCase(header) \|\|
	7	- "PROXY_AUTHORIZATION".equalsIgnoreCase(header)) {
	8	+ "PROXY_AUTHORIZATION".equalsIgnoreCase(header) \|\|
	9	+ "PROXY".equalsIgnoreCase(header)) {
	10	//NOOP per CGI specification section 11.2
	11	} else {
	12	envp.put("HTTP_" + header.replace('-', '_'),