diff options
author | Viktor Dukhovni <openssl-users@dukhovni.org> | 2019-07-15 13:12:04 -0400 |
---|---|---|
committer | Viktor Dukhovni <openssl-users@dukhovni.org> | 2019-07-16 06:11:15 -0400 |
commit | 5fe499cb75469fbda08d96facd13d14a402a6d44 (patch) | |
tree | 6bdc1e62104b1546ebe87c6ec8a6630260bdb7f1 | |
parent | 12df11bdf11fb6a3410483b0097f032e329b4623 (diff) |
Actually silently ignore GET / OCSP requests
Reviewed-by: Matt Caswell <matt@openssl.org>
-rw-r--r-- | apps/ocsp.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/apps/ocsp.c b/apps/ocsp.c index 9f2cf453be..71c6a56f2f 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -1436,9 +1436,11 @@ static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, *q = '\0'; /* - * Skip "GET / HTTP..." requests often used by load-balancers + * Skip "GET / HTTP..." requests often used by load-balancers. Note: + * 'p' was incremented above to point to the first byte *after* the + * leading slash, so with 'GET / ' it is now an empty string. */ - if (p[1] == '\0') + if (p[0] == '\0') goto out; len = urldecode(p); |