The branch OpenSSL_1_1_1-stable has been updated via 2b7efbd03295f8a345b63acd212e22cb5a3d19df (commit) from cf8b3732484a7a087c1e004551e3f8c51203c69d (commit)
- Log ----------------------------------------------------------------- commit 2b7efbd03295f8a345b63acd212e22cb5a3d19df Author: Viktor Dukhovni <openssl-us...@dukhovni.org> Date: Mon Jul 15 13:12:04 2019 -0400 Actually silently ignore GET / OCSP requests Reviewed-by: Matt Caswell <m...@openssl.org> ----------------------------------------------------------------------- Summary of changes: apps/ocsp.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/apps/ocsp.c b/apps/ocsp.c index 066a2e4..5d23918 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -1416,9 +1416,11 @@ static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, *q = '\0'; /* - * Skip "GET / HTTP..." requests often used by load-balancers + * Skip "GET / HTTP..." requests often used by load-balancers. Note: + * 'p' was incremented above to point to the first byte *after* the + * leading slash, so with 'GET / ' it is now an empty string. */ - if (p[1] == '\0') + if (p[0] == '\0') goto out; len = urldecode(p);