Actually silently ignore GET / OCSP requests

author Viktor Dukhovni <openssl-users@dukhovni.org>

Mon, 15 Jul 2019 17:12:04 +0000 (13:12 -0400)

committer Viktor Dukhovni <openssl-users@dukhovni.org>

Tue, 16 Jul 2019 10:11:15 +0000 (06:11 -0400)
author Viktor Dukhovni <openssl-users@dukhovni.org>
Mon, 15 Jul 2019 17:12:04 +0000 (13:12 -0400)
committer Viktor Dukhovni <openssl-users@dukhovni.org>
Tue, 16 Jul 2019 10:11:15 +0000 (06:11 -0400)
diff --git a/apps/ocsp.c b/apps/ocsp.c

index 9f2cf453bed7212462d4d46f0f425872d3a9f1f8..71c6a56f2ff38681ac1e045d81742c814c45fee1 100644 (file)
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -1436,9 +1436,11 @@ static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio,
          *q = '\0';
  
          /*
-         * Skip "GET / HTTP..." requests often used by load-balancers
+         * Skip "GET / HTTP..." requests often used by load-balancers.  Note:
+         * 'p' was incremented above to point to the first byte *after* the
+         * leading slash, so with 'GET / ' it is now an empty string.
           */
-        if (p[1] == '\0')
+        if (p[0] == '\0')
              goto out;
  
          len = urldecode(p);
author	Viktor Dukhovni <openssl-users@dukhovni.org>
	Mon, 15 Jul 2019 17:12:04 +0000 (13:12 -0400)
committer	Viktor Dukhovni <openssl-users@dukhovni.org>
	Tue, 16 Jul 2019 10:11:15 +0000 (06:11 -0400)