tomcat/CVE-2018-11784.patch

--- a/webapps/docs/changelog.xml	2018-06-20 13:35:40.000000000 -0400
+++ b/webapps/docs/changelog_1.xml	2019-06-24 08:35:44.801000000 -0400
@@ -164,6 +164,10 @@
         the authenticated Subject to include at least one Principal of a type
         specified by <code>userClassNames</code>. (markt)
       </fix>
+      <fix>
+        When generating a redirect to a directory in the Default Servlet, avoid
+        generating a protocol relative redirect. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Coyote">
--- a/java/org/apache/catalina/servlets/DefaultServlet.java	2018-06-20 13:35:34.000000000 -0400
+++ b/java/org/apache/catalina/servlets/DefaultServlet_1.java	2019-06-24 08:40:08.699000000 -0400
@@ -1324,6 +1324,10 @@ public class DefaultServlet extends Http
             location.append('?');
             location.append(request.getQueryString());
         }
+        // Avoid protocol relative redirects
+        while (location.length() > 1 && location.charAt(1) == '/') {
+            location.deleteCharAt(0);
+        }
         response.sendRedirect(response.encodeRedirectURL(location.toString()));
     }