From: Jeff Trawick Date: Sat, 22 Nov 2014 17:54:08 +0000 (+0000) Subject: follow up to r1641077: X-Git-Tag: 2.5.0-alpha~3691 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=2c334bcba567e43e104692efb10cba1b82d8e9a5;p=apache follow up to r1641077: one bug was traded for another in r1641077; track the response length and the cached object length separately to avoid such confusion git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1641095 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/modules/ssl/ssl_util_stapling.c b/modules/ssl/ssl_util_stapling.c index 2d41728821..0e83baf3ea 100644 --- a/modules/ssl/ssl_util_stapling.c +++ b/modules/ssl/ssl_util_stapling.c @@ -212,7 +212,7 @@ static BOOL stapling_cache_response(server_rec *s, modssl_ctx_t *mctx, SSLModConfigRec *mc = myModConfig(s); unsigned char resp_der[MAX_STAPLING_DER]; /* includes one-byte flag + response */ unsigned char *p; - int resp_derlen; + int resp_derlen, stored_len; BOOL rv; apr_time_t expiry; @@ -224,7 +224,8 @@ static BOOL stapling_cache_response(server_rec *s, modssl_ctx_t *mctx, return FALSE; } - if (resp_derlen + 1 > sizeof resp_der) { /* response + ok flag too big? */ + stored_len = resp_derlen + 1; /* response + ok flag */ + if (stored_len > sizeof resp_der) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(01928) "OCSP stapling response too big (%u bytes)", resp_derlen); return FALSE; @@ -248,7 +249,7 @@ static BOOL stapling_cache_response(server_rec *s, modssl_ctx_t *mctx, rv = mc->stapling_cache->store(mc->stapling_cache_context, s, cinf->idx, sizeof(cinf->idx), - expiry, resp_der, resp_derlen, pool); + expiry, resp_der, stored_len, pool); if (rv != APR_SUCCESS) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(01929) "stapling_cache_response: OCSP response session store error!");