]> granicus.if.org Git - apache/commitdiff
modules/ssl/ssl_util_ocsp.c (get_line): Don't set line[-1] to 0
authorRainer Jung <rjung@apache.org>
Sun, 22 Jul 2012 11:57:25 +0000 (11:57 +0000)
committerRainer Jung <rjung@apache.org>
Sun, 22 Jul 2012 11:57:25 +0000 (11:57 +0000)
when len == 0.

Backport of r1358061 from trunk.

Submitted by: Jim Meyering <meyering redhat.com>
Reviewed by: jorton, trawick, rjung
Backported by: rjung

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1364270 13f79535-47bb-0310-9956-ffa450edef68

CHANGES
STATUS
modules/ssl/ssl_util_ocsp.c

diff --git a/CHANGES b/CHANGES
index dc7285d3bd31d8b26a6cf6ccfc3f96edc528cbe2..bc2f5f7aeda6e0cfb14ba27087d2abd182211acb 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -8,6 +8,9 @@ Changes with Apache 2.4.3
      possible XSS for a site where untrusted users can upload files to
      a location with MultiViews enabled. [Niels Heinen <heinenn google.com>]
 
+  *) mpm_ssl: Fix handling of empty response from OCSP server.
+     [Jim Meyering <meyering redhat.com>, Joe Orton]
+
   *) mpm_event: Fix handling of MaxConnectionsPerChild. [Stefan Fritsch]
 
   *) mod_authz_core: If an expression in "Require expr" returns denied and
diff --git a/STATUS b/STATUS
index 9fdec44f301975c25b4238fd6f8866db9e4dfdb6..340e2c14e1fead60e993fde47efb5e6fd6d823ff 100644 (file)
--- a/STATUS
+++ b/STATUS
@@ -88,11 +88,6 @@ RELEASE SHOWSTOPPERS:
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
 
-   * mod_ssl: fix OCSP EOL handling
-     trunk patch: http://svn.apache.org/viewvc?rev=1358061&view=rev
-     2.4.x patch: trunk patch works
-     +1: jorton, trawick, rjung
-   
    * core: log value of Status line in script responses instead of header name
      trunk patch: http://svn.apache.org/viewvc?rev=1362538&view=rev
      2.4.x patch: trunk patch works
index 94ef4cd0a9c024d8412e8299ccba2c5acead8c59..e5c5e58da242db513bc8355f847c790c978a68e8 100644 (file)
@@ -153,7 +153,13 @@ static char *get_line(apr_bucket_brigade *bbout, apr_bucket_brigade *bbin,
         return NULL;
     }
 
-    if (len && line[len-1] != APR_ASCII_LF) {
+    if (len == 0) {
+        ap_log_cerror(APLOG_MARK, APLOG_ERR, rv, c, APLOGNO(02321)
+                      "empty response from OCSP server");
+        return NULL;
+    }
+
+    if (line[len-1] != APR_ASCII_LF) {
         ap_log_cerror(APLOG_MARK, APLOG_ERR, rv, c, APLOGNO(01979)
                       "response header line too long from OCSP server");
         return NULL;