[openssl] OpenSSL_1_1_1-stable update
Viktor Dukhovni
viktor at openssl.org
Tue Jul 16 10:15:02 UTC 2019
The branch OpenSSL_1_1_1-stable has been updated
via 2b7efbd03295f8a345b63acd212e22cb5a3d19df (commit)
from cf8b3732484a7a087c1e004551e3f8c51203c69d (commit)
- Log -----------------------------------------------------------------
commit 2b7efbd03295f8a345b63acd212e22cb5a3d19df
Author: Viktor Dukhovni <openssl-users at dukhovni.org>
Date: Mon Jul 15 13:12:04 2019 -0400
Actually silently ignore GET / OCSP requests
Reviewed-by: Matt Caswell <matt at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
apps/ocsp.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/apps/ocsp.c b/apps/ocsp.c
index 066a2e4..5d23918 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -1416,9 +1416,11 @@ static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio,
*q = '\0';
/*
- * Skip "GET / HTTP..." requests often used by load-balancers
+ * Skip "GET / HTTP..." requests often used by load-balancers. Note:
+ * 'p' was incremented above to point to the first byte *after* the
+ * leading slash, so with 'GET / ' it is now an empty string.
*/
- if (p[1] == '\0')
+ if (p[0] == '\0')
goto out;
len = urldecode(p);
More information about the openssl-commits
mailing list