Posted to cvs@httpd.apache.org by jo...@apache.org on 2013/05/31 18:17:36 UTC
svn commit: r1488296 - in /httpd/httpd/trunk: CHANGES
modules/ssl/ssl_util_ocsp.c
Author: jorton
Date: Fri May 31 16:17:36 2013
New Revision: 1488296
URL: http://svn.apache.org/r1488296
Log:
* modules/ssl/ssl_util_ocsp.c (read_response): Ignore empty buckets in
the brigade, which can be left over from line splitting. Fixes case
where the OCSP response was only partially read from the wire.
Modified:
httpd/httpd/trunk/CHANGES
httpd/httpd/trunk/modules/ssl/ssl_util_ocsp.c
Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1488296&r1=1488295&r2=1488296&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Fri May 31 16:17:36 2013
@@ -1,6 +1,9 @@
-*- coding: utf-8 -*-
Changes with Apache 2.5.0
+ *) mod_ssl: Fix possible truncation of OCSP responses when reading from the
+ server. [Joe Orton]
+
*) mod_session_dbd: Make sure that dirty flag is respected when saving
sessions, and ensure the session ID is changed each time the session
changes. [Takashi Sato <takashi tks.st>, Graham Leggett]
Modified: httpd/httpd/trunk/modules/ssl/ssl_util_ocsp.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_util_ocsp.c?rev=1488296&r1=1488295&r2=1488296&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_util_ocsp.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_util_ocsp.c Fri May 31 16:17:36 2013
@@ -236,7 +236,7 @@ static OCSP_RESPONSE *read_response(apr_
apr_bucket *e = APR_BRIGADE_FIRST(bb);
rv = apr_bucket_read(e, &data, &len, APR_BLOCK_READ);
- if (rv == APR_EOF || (rv == APR_SUCCESS && len == 0)) {
+ if (rv == APR_EOF) {
ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, APLOGNO(01984)
"OCSP response: got EOF");
break;
@@ -246,6 +246,12 @@ static OCSP_RESPONSE *read_response(apr_
"error reading response from OCSP server");
return NULL;
}
+ if (len == 0) {
+ /* Ignore zero-length buckets (possible side-effect of
+ * line splitting). */
+ apr_bucket_delete(e);
+ continue;
+ }
count += len;
if (count > MAX_CONTENT) {
ap_log_cerror(APLOG_MARK, APLOG_ERR, rv, c, APLOGNO(01986)
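Review bot: The new `len == 0` branch (`apr_bucket_delete(e); continue;`) now also absorbs the successful zero-length read that the first hunk stopped treating as EOF, but its comment mentions only line splitting. If the socket bucket reports end of stream as a successful zero-length read rather than APR_EOF (APR's socket bucket appears to behave this way), the loop ends only because the brigade becomes empty, and the "OCSP response: got EOF" debug message is never logged. I would extend the comment to record that, e.g. `/* Ignore zero-length buckets (line splitting, or end of stream from the socket bucket); the loop ends once the brigade is empty. */`. The loop header and the rest of read_response are outside the hunk, so the termination condition should be confirmed there.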