From: Joe Orton <jorton@apache.org>
Date: Mon, 3 Dec 2007 11:15:31 +0000 (+0000)
Subject: * modules/ssl/ssl_util_ocsp.c (read_response): Bail out if the maximum
X-Git-Tag: 2.3.0~1181
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=080255428bf8e782718ccf931ef98881a142e39c;p=thirdparty%2Fapache%2Fhttpd.git

* modules/ssl/ssl_util_ocsp.c (read_response): Bail out if the maximum
  response-header count is exceeded.  Also bump to APLOG_ERR the log
  message given after a header read error.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@600482 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/modules/ssl/ssl_util_ocsp.c b/modules/ssl/ssl_util_ocsp.c
index 497717a6650..d482e8cfa70 100644
--- a/modules/ssl/ssl_util_ocsp.c
+++ b/modules/ssl/ssl_util_ocsp.c
@@ -207,8 +207,14 @@ static OCSP_RESPONSE *read_response(apr_socket_t *sd, BIO *bio, conn_rec *c,
                       "OCSP response header: %s", line);
     }
 
-    if (!line) {
-        ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c,
+    if (count == MAX_HEADERS) {
+        ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c,
+                      "could not read response headers from OCSP server, "
+                      "exceeded maximum count (%u)", MAX_HEADERS);
+        return NULL;
+    }
+    else if (!line) {
+        ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c,
                       "could not read response header from OCSP server");
         return NULL;
     }