authorDr. David von Oheimb <David.von.Oheimb@siemens.com>2020-05-25 17:32:26 +0200
committerDr. David von Oheimb <David.von.Oheimb@siemens.com>2020-06-13 15:13:21 +0200
commit5a2ba207ed94e79db606f80cf2873367e2a843bf (patch)
tree9b55b4b8961424cc144ed24092fed7c0a960e9e2 /apps/cmp.c
parent1693135564d00e34ca9f41ff785b5d60e3500415 (diff)
Add request URL path checking and status responses to HTTP server
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11998)
Diffstat (limited to 'apps/cmp.c')
-rw-r--r--apps/cmp.c23
1 files changed, 20 insertions, 3 deletions
diff --git a/apps/cmp.c b/apps/cmp.c
index 6f3e7ed39e..a229485d66 100644
--- a/apps/cmp.c
+++ b/apps/cmp.c
@@ -2100,6 +2100,7 @@ static int setup_client_ctx(OSSL_CMP_CTX *ctx, ENGINE *e)
(void)BIO_snprintf(server_buf, sizeof(server_buf), "http%s://%s%s%s/%s",
opt_tls_used ? "s" : "", opt_server,
server_port == 0 ? "" : ":", server_port_s,
+ opt_path == NULL ? "" :
opt_path[0] == '/' ? opt_path + 1 : opt_path);
if (opt_proxy != NULL)
@@ -2977,12 +2978,13 @@ int cmp_main(int argc, char **argv)
if ((acbio = http_server_init_bio(prog, opt_port)) == NULL)
goto err;
while (opt_max_msgs <= 0 || msgs < opt_max_msgs) {
+ char *path = NULL;
OSSL_CMP_MSG *req = NULL;
OSSL_CMP_MSG *resp = NULL;
ret = http_server_get_asn1_req(ASN1_ITEM_rptr(OSSL_CMP_MSG),
- (ASN1_VALUE **)&req, &cbio, acbio,
- prog, 0, 0);
+ (ASN1_VALUE **)&req, &path,
+ &cbio, acbio, prog, 0, 0);
if (ret == 0)
continue;
if (ret++ == -1)
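Review bot: The new `path` buffer is not released on every way out of a loop iteration: the `continue` on `ret == 0` here, the `ret++ == -1` branch (its body is outside this hunk), and the `else` branch that sends 400 in the next hunk all skip `OPENSSL_free(path)`. Whether http_server_get_asn1_req() can fill the new out-parameter on those returns is not visible in this diff. If it can, every malformed request from a remote client leaks one allocation in a long-running server. Moving the release to a single `OPENSSL_free(path);` directly after the `cont:` label, dropping the two in-branch frees, and adding one before the `continue` would make the lifetime easy to audit. The loop body starts before and continues past this hunk.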
@@ -2991,17 +2993,32 @@ int cmp_main(int argc, char **argv)
ret = 0;
msgs++;
if (req != NULL) {
+ if (strcmp(path, "") != 0 && strcmp(path, "pkix/") != 0) {
+ (void)http_server_send_status(cbio, 404, "Not Found");
+ CMP_err1("Expecting empty path or 'pkix/' but got '%s'\n",
+ path);
+ OPENSSL_free(path);
+ OSSL_CMP_MSG_free(req);
+ goto cont;
+ }
+ OPENSSL_free(path);
resp = OSSL_CMP_CTX_server_perform(cmp_ctx, req);
OSSL_CMP_MSG_free(req);
- if (resp == NULL)
+ if (resp == NULL) {
+ (void)http_server_send_status(cbio,
+ 500, "Internal Server Error");
break; /* treated as fatal error */
+ }
ret = http_server_send_asn1_resp(cbio, "application/pkixcmp",
ASN1_ITEM_rptr(OSSL_CMP_MSG),
(const ASN1_VALUE *)resp);
OSSL_CMP_MSG_free(resp);
if (!ret)
break; /* treated as fatal error */
+ } else {
+ (void)http_server_send_status(cbio, 400, "Bad Request");
}
+ cont:
BIO_free_all(cbio);
cbio = NULL;
}
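Review bot: The new check `strcmp(path, "") != 0 && strcmp(path, "pkix/") != 0` dereferences `path` without a NULL test, so it relies on http_server_get_asn1_req() always setting the path whenever it hands back a non-NULL request; that helper is not visible here. A defensive form such as `if (path == NULL || (strcmp(path, "") != 0 && strcmp(path, "pkix/") != 0))`, with the log call printing `path != NULL ? path : "(null)"`, keeps a later helper change from turning into a crash reachable by any client. Separately, `CMP_err1` prints the client-supplied path verbatim; unless the helper already rejects control characters, it is worth escaping or length-limiting the value before it reaches the log. The enclosing loop starts outside this hunk.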