author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-05-25 17:32:26 +0200 |
---|---|---|
committer | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-06-13 15:13:21 +0200 |
commit | 5a2ba207ed94e79db606f80cf2873367e2a843bf (patch) | |
tree | 9b55b4b8961424cc144ed24092fed7c0a960e9e2 /apps/cmp.c | |
parent | 1693135564d00e34ca9f41ff785b5d60e3500415 (diff) |
Add request URL path checking and status responses to HTTP server
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998)
Diffstat (limited to 'apps/cmp.c')
-rw-r--r-- | apps/cmp.c | 23 |
1 files changed, 20 insertions, 3 deletions
diff --git a/apps/cmp.c b/apps/cmp.c index 6f3e7ed39e..a229485d66 100644 --- a/apps/cmp.c +++ b/apps/cmp.c @@ -2100,6 +2100,7 @@ static int setup_client_ctx(OSSL_CMP_CTX *ctx, ENGINE *e) (void)BIO_snprintf(server_buf, sizeof(server_buf), "http%s://%s%s%s/%s", opt_tls_used ? "s" : "", opt_server, server_port == 0 ? "" : ":", server_port_s, + opt_path == NULL ? "" : opt_path[0] == '/' ? opt_path + 1 : opt_path); if (opt_proxy != NULL) @@ -2977,12 +2978,13 @@ int cmp_main(int argc, char **argv) if ((acbio = http_server_init_bio(prog, opt_port)) == NULL) goto err; while (opt_max_msgs <= 0 || msgs < opt_max_msgs) { + char *path = NULL; OSSL_CMP_MSG *req = NULL; OSSL_CMP_MSG *resp = NULL; ret = http_server_get_asn1_req(ASN1_ITEM_rptr(OSSL_CMP_MSG), - (ASN1_VALUE **)&req, &cbio, acbio, - prog, 0, 0); + (ASN1_VALUE **)&req, &path, + &cbio, acbio, prog, 0, 0); if (ret == 0) continue; if (ret++ == -1) @@ -2991,17 +2993,32 @@ int cmp_main(int argc, char **argv) ret = 0; msgs++; if (req != NULL) { + if (strcmp(path, "") != 0 && strcmp(path, "pkix/") != 0) { + (void)http_server_send_status(cbio, 404, "Not Found"); + CMP_err1("Expecting empty path or 'pkix/' but got '%s'\n", + path); + OPENSSL_free(path); + OSSL_CMP_MSG_free(req); + goto cont; + } + OPENSSL_free(path); resp = OSSL_CMP_CTX_server_perform(cmp_ctx, req); OSSL_CMP_MSG_free(req); - if (resp == NULL) + if (resp == NULL) { + (void)http_server_send_status(cbio, + 500, "Internal Server Error"); break; /* treated as fatal error */ + } ret = http_server_send_asn1_resp(cbio, "application/pkixcmp", ASN1_ITEM_rptr(OSSL_CMP_MSG), (const ASN1_VALUE *)resp); OSSL_CMP_MSG_free(resp); if (!ret) break; /* treated as fatal error */ + } else { + (void)http_server_send_status(cbio, 400, "Bad Request"); } + cont: BIO_free_all(cbio); cbio = NULL; } |
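Review bot: `path` is freed only on the two routes inside `if (req != NULL)` (third hunk), so the `continue` taken when `ret == 0` in the second hunk and the new `else` branch that answers 400 both end the iteration without releasing it. Whether `http_server_get_asn1_req` can return with `*path` allocated in those cases is not visible in this diff; if it can, every malformed or incomplete request leaks a client-sized string in a long-running server. A single release point is easier to audit: drop the two `OPENSSL_free(path);` calls, free once after the `cont:` label, and add `OPENSSL_free(path);` before the `continue`. The loop body starts and ends outside the hunks shown.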
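Review bot: The 404 branch in the third hunk hands the client-supplied request path to `CMP_err1` through `%s`, so whatever length and bytes the client put in the request line reach the server log unless `http_server_get_asn1_req` already bounds and filters them, which this diff does not show. I would cap what is logged, for example `CMP_err1("Expecting empty path or 'pkix/' but got '%.64s'\n", path);`, provided the formatter behind `CMP_err1` honours a precision. The same `if` calls `strcmp(path, "")` on the assumption that `path` is non-NULL whenever `req` is; a one-line comment such as `/* path is set by http_server_get_asn1_req whenever req != NULL */`, once confirmed against that function, would record the contract the check relies on.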