https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-5387
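--- httpd-2.4.6/server/util_script.c.cve5387
+++ httpd-2.4.6/server/util_script.c
@@ -190,6 +190,10 @@
             continue;
         }
 #endif
+        else if (!strcasecmp(hdrs[i].key, "Proxy")) {
+            /* Don't pass through HTTP_PROXY */
+            continue;
+        }
         else
             add_unless_null(e, http2env(r, hdrs[i].key), hdrs[i].val);
     }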
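Review bot: The comment on the new `Proxy` branch says what is skipped but not why, and the reason is the security-relevant part: the header is client-controlled and `http2env()` would export it as `HTTP_PROXY`, which CGI programs and HTTP client libraries commonly read as outbound proxy configuration (CVE-2016-5387). I would expand it to `/* Client-supplied "Proxy" would become HTTP_PROXY in the script env (CVE-2016-5387); never export it. */`. The exact-name match appears sufficient, since only that header name should map to `HTTP_PROXY`. The filter only protects environments built by this loop, so handlers that construct their environment elsewhere would presumably need their own check or a config-level `RequestHeader unset Proxy early`. The enclosing loop and the start of the if/else chain lie outside the hunk.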