From 4fc290d05d3c367f078370559719875439a423eb Mon Sep 17 00:00:00 2001
From: Otto Moerbeek <otto.moerbeek@open-xchange.com>
Date: Fri, 11 Dec 2020 14:46:49 +0100
Subject: [PATCH] Avoid out of bounds access on empty path and do not send a
 body on 404

---
 pdns/ws-recursor.cc | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/pdns/ws-recursor.cc b/pdns/ws-recursor.cc
index 8eac8adab1..c6f521d8fb 100644
--- a/pdns/ws-recursor.cc
+++ b/pdns/ws-recursor.cc
@@ -499,11 +499,10 @@ static void serveStuff(HttpRequest* req, HttpResponse* resp)
   resp->headers["X-XSS-Protection"] = "1; mode=block";
   //  resp->headers["Content-Security-Policy"] = "default-src 'self'; style-src 'self' 'unsafe-inline'";
 
-  if (g_urlmap.count(req->url.path.c_str()+1)) {
+  if (!req->url.path.empty() && g_urlmap.count(req->url.path.c_str()+1)) {
     resp->body = g_urlmap.at(req->url.path.c_str()+1);
     resp->status = 200;
   } else {
-    resp->body = "Not Found";
     resp->status = 404;
   }
 }
-- 
2.47.2