From: Viktor Dukhovni <openssl-users@dukhovni.org>
Date: Mon, 15 Jul 2019 17:12:04 +0000 (-0400)
Subject: Actually silently ignore GET / OCSP requests
X-Git-Tag: openssl-3.0.0-alpha1~1777
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=5fe499cb75469fbda08d96facd13d14a402a6d44;p=thirdparty%2Fopenssl.git

Actually silently ignore GET / OCSP requests

Reviewed-by: Matt Caswell <matt@openssl.org>
---

diff --git a/apps/ocsp.c b/apps/ocsp.c
index 9f2cf453bed..71c6a56f2ff 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -1436,9 +1436,11 @@ static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio,
         *q = '\0';
 
         /*
-         * Skip "GET / HTTP..." requests often used by load-balancers
+         * Skip "GET / HTTP..." requests often used by load-balancers.  Note:
+         * 'p' was incremented above to point to the first byte *after* the
+         * leading slash, so with 'GET / ' it is now an empty string.
          */
-        if (p[1] == '\0')
+        if (p[0] == '\0')
             goto out;
 
         len = urldecode(p);