altarch-user / rpms / httpd

Forked from rpms/httpd 2 years ago
Clone

Blame SOURCES/httpd-2.4.6-CVE-2016-5387.patch

008793
008793
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-5387
008793
008793
--- httpd-2.4.6/server/util_script.c.cve5387
008793
+++ httpd-2.4.6/server/util_script.c
008793
@@ -190,6 +190,10 @@
008793
             continue;
008793
         }
008793
 #endif
008793
+        else if (!strcasecmp(hdrs[i].key, "Proxy")) {
008793
+            /* Don't pass through HTTP_PROXY */
008793
+            continue;
008793
+        }
008793
         else
008793
             add_unless_null(e, http2env(r, hdrs[i].key), hdrs[i].val);
008793
     }