You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by rj...@apache.org on 2012/07/22 13:57:26 UTC
svn commit: r1364270 - in /httpd/httpd/branches/2.4.x: ./ CHANGES STATUS
modules/ssl/ssl_util_ocsp.c
Author: rjung
Date: Sun Jul 22 11:57:25 2012
New Revision: 1364270
URL: http://svn.apache.org/viewvc?rev=1364270&view=rev
Log:
modules/ssl/ssl_util_ocsp.c (get_line): Don't set line[-1] to 0
when len == 0.
Backport of r1358061 from trunk.
Submitted by: Jim Meyering <meyering redhat.com>
Reviewed by: jorton, trawick, rjung
Backported by: rjung
Modified:
httpd/httpd/branches/2.4.x/ (props changed)
httpd/httpd/branches/2.4.x/CHANGES
httpd/httpd/branches/2.4.x/STATUS
httpd/httpd/branches/2.4.x/modules/ssl/ssl_util_ocsp.c
Propchange: httpd/httpd/branches/2.4.x/
------------------------------------------------------------------------------
Merged /httpd/httpd/trunk:r1358061
Modified: httpd/httpd/branches/2.4.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?rev=1364270&r1=1364269&r2=1364270&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.4.x/CHANGES [utf-8] Sun Jul 22 11:57:25 2012
@@ -8,6 +8,9 @@ Changes with Apache 2.4.3
possible XSS for a site where untrusted users can upload files to
a location with MultiViews enabled. [Niels Heinen <heinenn google.com>]
+ *) mpm_ssl: Fix handling of empty response from OCSP server.
+ [Jim Meyering <meyering redhat.com>, Joe Orton]
+
*) mpm_event: Fix handling of MaxConnectionsPerChild. [Stefan Fritsch]
*) mod_authz_core: If an expression in "Require expr" returns denied and
Modified: httpd/httpd/branches/2.4.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/STATUS?rev=1364270&r1=1364269&r2=1364270&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/STATUS (original)
+++ httpd/httpd/branches/2.4.x/STATUS Sun Jul 22 11:57:25 2012
@@ -88,11 +88,6 @@ RELEASE SHOWSTOPPERS:
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
- * mod_ssl: fix OCSP EOL handling
- trunk patch: http://svn.apache.org/viewvc?rev=1358061&view=rev
- 2.4.x patch: trunk patch works
- +1: jorton, trawick, rjung
-
* core: log value of Status line in script responses instead of header name
trunk patch: http://svn.apache.org/viewvc?rev=1362538&view=rev
2.4.x patch: trunk patch works
Modified: httpd/httpd/branches/2.4.x/modules/ssl/ssl_util_ocsp.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/ssl/ssl_util_ocsp.c?rev=1364270&r1=1364269&r2=1364270&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/ssl/ssl_util_ocsp.c (original)
+++ httpd/httpd/branches/2.4.x/modules/ssl/ssl_util_ocsp.c Sun Jul 22 11:57:25 2012
@@ -153,7 +153,13 @@ static char *get_line(apr_bucket_brigade
return NULL;
}
- if (len && line[len-1] != APR_ASCII_LF) {
+ if (len == 0) {
+ ap_log_cerror(APLOG_MARK, APLOG_ERR, rv, c, APLOGNO(02321)
+ "empty response from OCSP server");
+ return NULL;
+ }
+
+ if (line[len-1] != APR_ASCII_LF) {
ap_log_cerror(APLOG_MARK, APLOG_ERR, rv, c, APLOGNO(01979)
"response header line too long from OCSP server");
return NULL;