rpms / httpd

Clone
Source Code
GIT

Blame SOURCES/httpd-2.4.6-CVE-2016-5387.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8-beta-stream-2.4 c8-sig-artwork c8-stream-2.4 c8s-stream-2.4 c9 c9-beta
  1.   21a02326b64a97d69a9b653af96c16fce9a41533
  2.   SOURCES
  3.   httpd-2.4.6-CVE-2016-5387.patch
Blob History Raw
8335b1
8335b1 
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-5387
8335b1
8335b1 
--- httpd-2.4.6/server/util_script.c.cve5387
8335b1 
+++ httpd-2.4.6/server/util_script.c
8335b1 
@@ -190,6 +190,10 @@
8335b1 
             continue;
8335b1 
         }
8335b1 
 #endif
8335b1 
+        else if (!strcasecmp(hdrs[i].key, "Proxy")) {
8335b1 
+            /* Don't pass through HTTP_PROXY */
8335b1 
+            continue;
8335b1 
+        }
8335b1 
         else
8335b1 
             add_unless_null(e, http2env(r, hdrs[i].key), hdrs[i].val);
8335b1 
     }

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation