* modules/ssl/ssl_util_ocsp.c (read_response): Bail out if the maximum

  response-header count is exceeded.  Also bump to APLOG_ERR the log
  message given after a header read error.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@600482 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/modules/ssl/ssl_util_ocsp.c b/modules/ssl/ssl_util_ocsp.c
index 497717a6650df51a49c64c40a45323651955a1e2..d482e8cfa70769aa2feec120398398be51001863 100644 (file)
--- a/modules/ssl/ssl_util_ocsp.c
+++ b/modules/ssl/ssl_util_ocsp.c
@@ -207,8 +207,14 @@ static OCSP_RESPONSE *read_response(apr_socket_t *sd, BIO *bio, conn_rec *c,
                       "OCSP response header: %s", line);
     }
 
-    if (!line) {
-        ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c,
+    if (count == MAX_HEADERS) {
+        ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c,
+                      "could not read response headers from OCSP server, "
+                      "exceeded maximum count (%u)", MAX_HEADERS);
+        return NULL;
+    }
+    else if (!line) {
+        ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c,
                       "could not read response header from OCSP server");
         return NULL;
     }