This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat-native.git
The following commit(s) were added to refs/heads/main by this push:
new 03216f540 enforce OCSP_MAX_RESPONSE_SIZE (#38)
03216f540 is described below
commit 03216f54004577af451e9917700cdb65da5b330f
Author: Chenjp <[email protected]>
AuthorDate: Sat Feb 7 03:49:21 2026 +0800
enforce OCSP_MAX_RESPONSE_SIZE (#38)
Introduce a hard limit of 64 KB for OCSP responses
---
native/src/sslutils.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/native/src/sslutils.c b/native/src/sslutils.c
index ce4f79b2d..4d3781a21 100644
--- a/native/src/sslutils.c
+++ b/native/src/sslutils.c
@@ -892,6 +892,7 @@ err:
/* Reads the response from the APR socket to a buffer, and parses the buffer to
return the OCSP response */
#define BUFFER_SIZE 512
+#define OCSP_MAX_RESPONSE_SIZE 65536
static OCSP_RESPONSE *ocsp_get_resp(apr_pool_t *mp, apr_socket_t *sock)
{
int buflen;
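Review bot: The new `OCSP_MAX_RESPONSE_SIZE` define, placed right after `#define BUFFER_SIZE 512`, carries no comment, so nothing at the definition says it is a resource bound on an untrusted network response rather than a protocol constant, and the comment block above it still describes only the read-and-parse behaviour. Suggest `/* Upper bound on bytes accepted for one OCSP response; ocsp_get_resp() rejects anything larger */` on the line before the define. It may also be worth a sentence in the function comment, since the limit changes the function's contract (it now returns NULL for oversized responses, not only on read or allocation failure).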
@@ -914,7 +915,10 @@ static OCSP_RESPONSE *ocsp_get_resp(apr_pool_t *mp,
apr_socket_t *sock)
readlen = sizeof(tmpbuf);
rv = apr_socket_recv(sock, tmpbuf, &readlen);
if (rv == APR_SUCCESS) { /* if we have read something .. we can put it
in the buffer*/
- if ((totalread + readlen) >= buflen) {
+ if ((totalread + readlen) > OCSP_MAX_RESPONSE_SIZE) {
+ apr_pool_destroy(p);
+ return NULL;
+ } else if ((totalread + readlen) >= buflen) {
buf = apr_xrealloc(buf, buflen, buflen * 2, p);
if (buf == NULL) {
apr_pool_destroy(p);
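Review bot: The new over-limit branch exits through exactly the same `apr_pool_destroy(p); return NULL;` sequence as the `apr_xrealloc` failure just below it, so the caller cannot tell a deliberately rejected oversized response from an out-of-memory condition and nothing records why the response was discarded. If a logging facility is reachable from this function (none is visible in the hunk), a message before the return would make the rejection diagnosable; at minimum the branch should carry a comment such as `/* response exceeds OCSP_MAX_RESPONSE_SIZE: give up rather than keep growing buf */`. A minor boundary effect: when totalread + readlen lands exactly on the limit while buflen has already doubled up to 65536, the `else if` still reallocates buf to 131072 bytes for data that the limit guarantees will never exceed 65536 — harmless, but it means the peak allocation is twice the advertised cap. ocsp_get_resp begins before this hunk and its read loop continues past it, so where `p` is created and how the caller handles the NULL return are outside view.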