Actually silently ignore GET / OCSP requests

Reviewed-by: Matt Caswell <matt@openssl.org>
author: Viktor Dukhovni <openssl-users@dukhovni.org> 2019-07-15 13:12:04 -0400
committer: Viktor Dukhovni <openssl-users@dukhovni.org> 2019-07-16 06:14:36 -0400
commit: 2b7efbd03295f8a345b63acd212e22cb5a3d19df (patch)
tree: 6e547010856192f7ddcfe1830761d5c3d8168fe3
parent: cf8b3732484a7a087c1e004551e3f8c51203c69d (diff)
1 files changed, 4 insertions, 2 deletions
diff --git a/apps/ocsp.c b/apps/ocsp.c
index 066a2e43af..5d23918169 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -1416,9 +1416,11 @@ static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio,
         *q = '\0';
 
         /*
-         * Skip "GET / HTTP..." requests often used by load-balancers
+         * Skip "GET / HTTP..." requests often used by load-balancers.  Note:
+         * 'p' was incremented above to point to the first byte *after* the
+         * leading slash, so with 'GET / ' it is now an empty string.
          */
-        if (p[1] == '\0')
+        if (p[0] == '\0')
             goto out;
 
         len = urldecode(p);
author	Viktor Dukhovni <openssl-users@dukhovni.org>	2019-07-15 13:12:04 -0400
committer	Viktor Dukhovni <openssl-users@dukhovni.org>	2019-07-16 06:14:36 -0400
commit	2b7efbd03295f8a345b63acd212e22cb5a3d19df (patch)
tree	6e547010856192f7ddcfe1830761d5c3d8168fe3
parent	cf8b3732484a7a087c1e004551e3f8c51203c69d (diff)