File tomcat-7.0.90-CVE-2018-11784.patch of Package tomcat.7194

From b76e1dfb3dec3789cc700f8d022c872eb947a221 Mon Sep 17 00:00:00 2001
From: Mark Thomas <markt@apache.org>
Date: Tue, 4 Sep 2018 18:22:03 +0000
Subject: [PATCH] When generating a redirect to a directory in the Default
 Servlet, avoid generating a protocol relative redirect.

git-svn-id: https://svn.apache.org/repos/asf/tomcat/tc7.0.x/trunk@1840057 13f79535-47bb-0310-9956-ffa450edef68
---
 java/org/apache/catalina/servlets/DefaultServlet.java | 4 ++++
 webapps/docs/changelog.xml                            | 4 ++++
 2 files changed, 8 insertions(+)

Index: apache-tomcat-7.0.90-src/java/org/apache/catalina/servlets/DefaultServlet.java
===================================================================
--- apache-tomcat-7.0.90-src.orig/java/org/apache/catalina/servlets/DefaultServlet.java
+++ apache-tomcat-7.0.90-src/java/org/apache/catalina/servlets/DefaultServlet.java
@@ -1106,6 +1106,10 @@ public class DefaultServlet
             location.append('?');
             location.append(request.getQueryString());
         }
+        // Avoid protocol relative redirects
+        while (location.length() > 1 && location.charAt(1) == '/') {
+            location.deleteCharAt(0);
+        }
         response.sendRedirect(response.encodeRedirectURL(location.toString()));
     }
 
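Review bot: The new loop tests only `location.charAt(1)` and deletes index 0 without checking that it is also a `/`, so it relies on `location` always starting with a slash; that value is built before this hunk and is not visible here. Making the condition explicit would keep the strip limited to the case it is meant for: `while (location.length() > 1 && location.charAt(0) == '/' && location.charAt(1) == '/') {`. The comment could also say why this matters, e.g. `// A Location starting with "//" is resolved by clients as scheme-relative (the next segment becomes the host), so collapse leading slashes to keep the redirect on this server`. The commit adds no regression test; a DefaultServlet test asserting that the directory redirect's Location never begins with `//` would pin the fix. The enclosing method starts outside the hunk.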
Index: apache-tomcat-7.0.90-src/webapps/docs/changelog.xml
===================================================================
--- apache-tomcat-7.0.90-src.orig/webapps/docs/changelog.xml
+++ apache-tomcat-7.0.90-src/webapps/docs/changelog.xml
@@ -135,6 +135,10 @@
         <code>Expires</code> header as required by HTTP specification
         (RFC 7231, 7234). (kkolinko)
       </fix>
+      <fix>
+        When generating a redirect to a directory in the Default Servlet, avoid
+        generating a protocol relative redirect. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Coyote">