apache-commons-httpclient/apache-commons-httpclient-CVE-2015-5262.patch

From a42239d4dbf88dc577061203c234a91d847a8615 Mon Sep 17 00:00:00 2001
From: Fabio Valentini <decathorpe@gmail.com>
Date: Sat, 18 Jul 2020 19:48:18 +0200
Subject: [PATCH 5/6] CVE-2015-5262

---
 .../httpclient/protocol/SSLProtocolSocketFactory.java        | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/java/org/apache/commons/httpclient/protocol/SSLProtocolSocketFactory.java b/src/java/org/apache/commons/httpclient/protocol/SSLProtocolSocketFactory.java
index e6ce513..b7550a2 100644
--- a/src/java/org/apache/commons/httpclient/protocol/SSLProtocolSocketFactory.java
+++ b/src/java/org/apache/commons/httpclient/protocol/SSLProtocolSocketFactory.java
@@ -152,7 +152,9 @@ public class SSLProtocolSocketFactory implements SecureProtocolSocketFactory {
         }
         int timeout = params.getConnectionTimeout();
         if (timeout == 0) {
-            Socket sslSocket =  createSocket(host, port, localAddress, localPort);
+            Socket sslSocket = SSLSocketFactory.getDefault().createSocket(
+                host, port, localAddress, localPort);
+            sslSocket.setSoTimeout(params.getSoTimeout());
             verifyHostName(host, (SSLSocket) sslSocket);
             return sslSocket;
         } else {
@@ -163,6 +165,7 @@ public class SSLProtocolSocketFactory implements SecureProtocolSocketFactory {
             	sslSocket = ControllerThreadSocketFactory.createSocket(
                     this, host, port, localAddress, localPort, timeout);
             }
+            sslSocket.setSoTimeout(params.getSoTimeout());
             verifyHostName(host, (SSLSocket) sslSocket);
             return sslSocket;
         }
-- 
2.26.2