From: Otto Moerbeek <otto.moerbeek@open-xchange.com>
Date: Fri, 11 Dec 2020 13:46:49 +0000 (+0100)
Subject: Avoid out of bounds access on empty path and do not send a body on 404
X-Git-Tag: rec-4.5.0-alpha1~72^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F9840%2Fhead;p=thirdparty%2Fpdns.git

Avoid out of bounds access on empty path and do not send a body on 404
---

diff --git a/pdns/ws-recursor.cc b/pdns/ws-recursor.cc
index 8eac8adab1..c6f521d8fb 100644
--- a/pdns/ws-recursor.cc
+++ b/pdns/ws-recursor.cc
@@ -499,11 +499,10 @@ static void serveStuff(HttpRequest* req, HttpResponse* resp)
   resp->headers["X-XSS-Protection"] = "1; mode=block";
   //  resp->headers["Content-Security-Policy"] = "default-src 'self'; style-src 'self' 'unsafe-inline'";
 
-  if (g_urlmap.count(req->url.path.c_str()+1)) {
+  if (!req->url.path.empty() && g_urlmap.count(req->url.path.c_str()+1)) {
     resp->body = g_urlmap.at(req->url.path.c_str()+1);
     resp->status = 200;
   } else {
-    resp->body = "Not Found";
     resp->status = 404;
   }
 }