This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 1.3.x
in repository https://gitbox.apache.org/repos/asf/tomcat-native.git


The following commit(s) were added to refs/heads/1.3.x by this push:
     new 713787925 enforce OCSP_MAX_RESPONSE_SIZE (#38)
713787925 is described below

commit 713787925bb309252ea11683921fa15dddb7e75a
Author: Chenjp <[email protected]>
AuthorDate: Sat Feb 7 03:49:21 2026 +0800

    enforce OCSP_MAX_RESPONSE_SIZE (#38)
    
    Introduce a hard limit of 64 KB for OCSP responses
---
 native/src/sslutils.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/native/src/sslutils.c b/native/src/sslutils.c
index 75529b415..a8b168b62 100644
--- a/native/src/sslutils.c
+++ b/native/src/sslutils.c
@@ -913,6 +913,7 @@ err:
 /* Reads the response from the APR socket to a buffer, and parses the buffer to
    return the OCSP response  */
 #define BUFFER_SIZE 512
+#define OCSP_MAX_RESPONSE_SIZE 65536
 static OCSP_RESPONSE *ocsp_get_resp(apr_pool_t *mp, apr_socket_t *sock)
 {
     int buflen;
@@ -935,7 +936,10 @@ static OCSP_RESPONSE *ocsp_get_resp(apr_pool_t *mp, 
apr_socket_t *sock)
         readlen = sizeof(tmpbuf);
         rv = apr_socket_recv(sock, tmpbuf, &readlen);
         if (rv == APR_SUCCESS) { /* if we have read something .. we can put it 
in the buffer*/
-            if ((totalread + readlen) >= buflen) {
+            if ((totalread + readlen) > OCSP_MAX_RESPONSE_SIZE) {
+                apr_pool_destroy(p);
+                return NULL;
+            } else if ((totalread + readlen) >= buflen) {
                 buf = apr_xrealloc(buf, buflen, buflen * 2, p);
                 if (buf == NULL) {
                     apr_pool_destroy(p);
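Review bot: The oversize branch added at `if ((totalread + readlen) > OCSP_MAX_RESPONSE_SIZE)` returns NULL with no trace, so a caller cannot tell a response rejected by the new cap from the pre-existing apr_xrealloc failure immediately below it, and presumably an oversized responder reply will surface only as a generic OCSP failure. At minimum the reason should be visible at the site: `/* Response exceeds OCSP_MAX_RESPONSE_SIZE; reject rather than keep growing the buffer */` on the new branch, and on the define in the previous hunk `/* Hard cap (bytes) on the accumulated OCSP response; larger responses are discarded */`. The check runs after each read into tmpbuf rather than bounding the read, which is acceptable because the overshoot is at most sizeof(tmpbuf), but that is worth saying in the comment. ocsp_get_resp's body continues outside the hunk, including wherever the NULL is handled.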

