From b8374693412570e20e9db3fc3ff15a097bf6bfd6 Mon Sep 17 00:00:00 2001
From: remm <remm@apache.org>
Date: Wed, 11 Dec 2024 12:05:34 +0100
Subject: [PATCH] Fix edge case

---
 .../catalina/servlets/DefaultServlet.java      | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/java/org/apache/catalina/servlets/DefaultServlet.java b/java/org/apache/catalina/servlets/DefaultServlet.java
index a8cb7525d05a..857263300056 100644
--- a/java/org/apache/catalina/servlets/DefaultServlet.java
+++ b/java/org/apache/catalina/servlets/DefaultServlet.java
@@ -2218,7 +2218,9 @@ protected boolean checkIfMatch(HttpServletRequest request, HttpServletResponse r
             return true;
         }
         boolean hasAsteriskValue = false;// check existence of special header value '*'
+        int headerCount = 0;
         while (headerValues.hasMoreElements() && !conditionSatisfied) {
+            headerCount++;
             String headerValue = headerValues.nextElement();
             if ("*".equals(headerValue)) {
                 hasAsteriskValue = true;
@@ -2237,7 +2239,11 @@ protected boolean checkIfMatch(HttpServletRequest request, HttpServletResponse r
                 }
             }
         }
-        if (hasAsteriskValue && headerValues.hasMoreElements()) {
+        if (headerValues.hasMoreElements()) {
+            headerCount++;
+        }
+
+        if (hasAsteriskValue && headerCount > 1) {
             // Note that an If-Match header field with a list value containing "*" and other values (including other
             // instances of "*") is syntactically invalid (therefore not allowed to be generated) and furthermore is
             // unlikely to be interoperable.
@@ -2312,13 +2318,14 @@ protected boolean checkIfNoneMatch(HttpServletRequest request, HttpServletRespon
         }
         boolean hasAsteriskValue = false;// check existence of special header value '*'
         boolean conditionSatisfied = true;
+        int headerCount = 0;
         while (headerValues.hasMoreElements()) {
-
+            headerCount++;
             String headerValue = headerValues.nextElement();
 
             if (headerValue.equals("*")) {
                 hasAsteriskValue = true;
-                if (headerValues.hasMoreElements()) {
+                if (headerCount > 1 || headerValues.hasMoreElements()) {
                     conditionSatisfied = false;
                     break;
                 } else {
@@ -2358,8 +2365,11 @@ protected boolean checkIfNoneMatch(HttpServletRequest request, HttpServletRespon
             }
 
         }
+        if (headerValues.hasMoreElements()) {
+            headerCount++;
+        }
 
-        if (hasAsteriskValue && headerValues.hasMoreElements()) {
+        if (hasAsteriskValue && headerCount > 1) {
             // Note that an If-None-Match header field with a list value containing "*" and other values (including
             // other instances of "*") is syntactically invalid (therefore not allowed to be generated) and furthermore
             // is unlikely to be interoperable.