From 4691b8b7aeeeed70b44e297507da7512374b0f96 Mon Sep 17 00:00:00 2001 From: Rainer Jung Date: Sun, 22 Jul 2012 11:57:25 +0000 Subject: [PATCH] modules/ssl/ssl_util_ocsp.c (get_line): Don't set line[-1] to 0 when len == 0. Backport of r1358061 from trunk. Submitted by: Jim Meyering Reviewed by: jorton, trawick, rjung Backported by: rjung git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1364270 13f79535-47bb-0310-9956-ffa450edef68 --- CHANGES | 3 +++ STATUS | 5 ----- modules/ssl/ssl_util_ocsp.c | 8 +++++++- 3 files changed, 10 insertions(+), 6 deletions(-) diff --git a/CHANGES b/CHANGES index dc7285d3bd..bc2f5f7aed 100644 --- a/CHANGES +++ b/CHANGES @@ -8,6 +8,9 @@ Changes with Apache 2.4.3 possible XSS for a site where untrusted users can upload files to a location with MultiViews enabled. [Niels Heinen ] + *) mpm_ssl: Fix handling of empty response from OCSP server. + [Jim Meyering , Joe Orton] + *) mpm_event: Fix handling of MaxConnectionsPerChild. [Stefan Fritsch] *) mod_authz_core: If an expression in "Require expr" returns denied and diff --git a/STATUS b/STATUS index 9fdec44f30..340e2c14e1 100644 --- a/STATUS +++ b/STATUS @@ -88,11 +88,6 @@ RELEASE SHOWSTOPPERS: PATCHES ACCEPTED TO BACKPORT FROM TRUNK: [ start all new proposals below, under PATCHES PROPOSED. ] - * mod_ssl: fix OCSP EOL handling - trunk patch: http://svn.apache.org/viewvc?rev=1358061&view=rev - 2.4.x patch: trunk patch works - +1: jorton, trawick, rjung - * core: log value of Status line in script responses instead of header name trunk patch: http://svn.apache.org/viewvc?rev=1362538&view=rev 2.4.x patch: trunk patch works diff --git a/modules/ssl/ssl_util_ocsp.c b/modules/ssl/ssl_util_ocsp.c index 94ef4cd0a9..e5c5e58da2 100644 --- a/modules/ssl/ssl_util_ocsp.c +++ b/modules/ssl/ssl_util_ocsp.c 
@@ -153,7 +153,13 @@ static char *get_line(apr_bucket_brigade *bbout, apr_bucket_brigade *bbin,
 return NULL;
 }
 
- if (len && line[len-1] != APR_ASCII_LF) {
+ if (len == 0) {
+ ap_log_cerror(APLOG_MARK, APLOG_ERR, rv, c, APLOGNO(02321)
+ "empty response from OCSP server");
+ return NULL;
+ }
+
+ if (line[len-1] != APR_ASCII_LF) {
 ap_log_cerror(APLOG_MARK, APLOG_ERR, rv, c, APLOGNO(01979)
 "response header line too long from OCSP server");
 return NULL;
-- 
2.40.0
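Review bot: The new `len == 0` guard in get_line has no comment saying that it is what keeps the following `line[len-1]` read in bounds, so a later reordering or merging of the two checks could bring back the one-byte access before the buffer that the commit subject describes. I would add above it `/* Reject an empty line first: line[len-1] below would index before the buffer. */`. The added ap_log_cerror call also passes `rv`, which is presumably APR_SUCCESS here because the failure path just above has already returned; if so, passing `0` would make it clear that no APR error is attached to the "empty response" message. The body of get_line starts before and continues after this hunk, so how callers handle the new NULL return is not visible here.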