httpd-cvs mailing list archives

From traw...@apache.org
Subject svn commit: r1641077 - in /httpd/httpd/trunk: CHANGES modules/ssl/ssl_util_stapling.c
Date Sat, 22 Nov 2014 14:51:01 GMT
Author: trawick
Date: Sat Nov 22 14:51:01 2014
New Revision: 1641077

URL: http://svn.apache.org/r1641077
Log:
mod_ssl: Fix recognition of OCSP stapling responses that are encoded
         improperly or too large.

The one byte "ok" flag stored with the response was accounted for in
the wrong condition.
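As an added example (not httpd's own code), the accounting the commit message describes, carried through to both sides of a cache entry of the form [one-byte ok flag][DER response]: the flag byte is counted exactly once, in the size check, the DER length stays the bare encoder result, and the length stored with the entry is that plus one. `fake_i2d` is a stand-in for OpenSSL's `i2d_OCSP_RESPONSE` so the program runs without OpenSSL, `MAX_STAPLING_DER` keeps mod_ssl's name but its value here is an assumption, and the sample buffer is constructed (only its length matters).

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Name taken from mod_ssl; the value is an assumption for this example. */
#define MAX_STAPLING_DER 10240

/* Constructed sample "DER" buffer. Only its length matters to the size
 * accounting, so it is a zeroed block with a plausible SEQUENCE tag. */
static unsigned char sample_der[MAX_STAPLING_DER] = { 0x30 };
static unsigned char entry_buf[MAX_STAPLING_DER];

/* Stand-in for i2d_OCSP_RESPONSE(): with out == NULL it returns the
 * encoded length, otherwise it writes the bytes and advances *out.
 * A negative derlen models an object that cannot be encoded (-1). */
static int fake_i2d(const unsigned char *der, int derlen, unsigned char **out)
{
    if (derlen < 0)
        return -1;
    if (out != NULL) {
        memcpy(*out, der, (size_t)derlen);
        *out += derlen;
    }
    return derlen;
}

/* Builds the cache entry [ok flag][DER] in entry (MAX_STAPLING_DER bytes).
 * Returns the entry length (DER length + 1), 0 for a bad encoding, or -1
 * when flag + DER would not fit. */
int build_cache_entry(const unsigned char *der, int derlen, int ok,
                      unsigned char *entry)
{
    int resp_derlen = fake_i2d(der, derlen, NULL);
    unsigned char *p;

    if (resp_derlen <= 0)
        return 0;                     /* encoded improperly */

    /* The flag byte is counted once, here. Casting to size_t first is safe
     * only because the check above already rejected negative lengths. */
    if ((size_t)resp_derlen + 1 > MAX_STAPLING_DER)
        return -1;                    /* response + flag too big */

    p = entry;
    *p++ = (unsigned char)(ok ? 1 : 0);
    fake_i2d(der, derlen, &p);        /* writes exactly resp_derlen bytes */
    return resp_derlen + 1;
}

/* Reader side: splits a cached entry back into flag and DER.
 * Returns 1 on success, 0 if the entry is too short to hold both. */
int parse_cache_entry(const unsigned char *entry, int entrylen,
                      int *ok, const unsigned char **der, int *derlen)
{
    if (entrylen < 2)
        return 0;
    *ok = entry[0];
    *der = entry + 1;
    *derlen = entrylen - 1;
    return 1;
}

/* Build an entry and parse it back; returns 1 when the flag and the DER
 * length survive the round trip, 0 when building or parsing fails. */
int round_trip_ok(int derlen, int ok)
{
    int n = build_cache_entry(sample_der, derlen, ok, entry_buf);
    int got_ok, got_len;
    const unsigned char *got_der;

    if (n <= 0)
        return 0;
    if (!parse_cache_entry(entry_buf, n, &got_ok, &got_der, &got_len))
        return 0;
    return got_ok == (ok ? 1 : 0) && got_len == derlen
        && got_der == entry_buf + 1;
}

int main(void)
{
    /* Largest DER that fits alongside the flag is MAX_STAPLING_DER - 1;
     * one more byte and the entry is rejected as too big. */
    printf("%d-byte DER -> entry length %d\n", MAX_STAPLING_DER - 1,
           build_cache_entry(sample_der, MAX_STAPLING_DER - 1, 1, entry_buf));
    printf("%d-byte DER -> %d (too big)\n", MAX_STAPLING_DER,
           build_cache_entry(sample_der, MAX_STAPLING_DER, 1, entry_buf));
    printf("round trip of a 5-byte response: %s\n",
           round_trip_ok(5, 1) ? "ok" : "FAILED");
    return 0;
}
```

The boundary worth remembering is the last call in `main`: a response of exactly `MAX_STAPLING_DER - 1` bytes is the largest that can be cached, because the flag byte occupies the remaining slot, and the comparison is done in `size_t` only after the negative-length case has been rejected.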

Modified:
    httpd/httpd/trunk/CHANGES
    httpd/httpd/trunk/modules/ssl/ssl_util_stapling.c

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1641077&r1=1641076&r2=1641077&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Sat Nov 22 14:51:01 2014
@@ -5,6 +5,9 @@ Changes with Apache 2.5.0
      mod_proxy_fcgi: Fix a potential crash with response headers' size above 
      8K. [Teguh <chain rop.io>, Yann Ylavic, Jeff Trawick]
 
+  *) mod_ssl: Fix recognition of OCSP stapling responses that are encoded
+     improperly or too large.  [Jeff Trawick]
+
   *) mod_proxy_fcgi, mod_authnz_fcgi: stop reading the response and issue an
      error when parsing or forwarding the response fails. [Yann Ylavic]
 

Modified: httpd/httpd/trunk/modules/ssl/ssl_util_stapling.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_util_stapling.c?rev=1641077&r1=1641076&r2=1641077&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_util_stapling.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_util_stapling.c Sat Nov 22 14:51:01 2014
@@ -210,13 +210,13 @@ static BOOL stapling_cache_response(serv
                                     BOOL ok, apr_pool_t *pool)
 {
     SSLModConfigRec *mc = myModConfig(s);
-    unsigned char resp_der[MAX_STAPLING_DER];
+    unsigned char resp_der[MAX_STAPLING_DER]; /* includes one-byte flag + response */
     unsigned char *p;
     int resp_derlen;
     BOOL rv;
     apr_time_t expiry;
 
-    resp_derlen = i2d_OCSP_RESPONSE(rsp, NULL) + 1;
+    resp_derlen = i2d_OCSP_RESPONSE(rsp, NULL);
 
     if (resp_derlen <= 0) {
         ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(01927)
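Review bot: dropping the `+ 1` from `resp_derlen = i2d_OCSP_RESPONSE(rsp, NULL);` changes what the variable means for the rest of stapling_cache_response(), and only the size check is visible in this diff. Every later use of resp_derlen that previously counted the flag byte (the obvious candidates are the copy into resp_der via `p` and the length passed along with the cached entry) now needs an explicit `+ 1`, or the stored entry will be one byte short; please confirm those lines were adjusted in the same commit. A short comment next to the assignment stating that resp_derlen excludes the flag byte would keep it in step with the new comment on the resp_der declaration.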
@@ -224,7 +224,7 @@ static BOOL stapling_cache_response(serv
         return FALSE;
     }
 
-    if (resp_derlen > sizeof resp_der) {
+    if (resp_derlen + 1 > sizeof resp_der) { /* response + ok flag too big? */
         ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(01928)
                      "OCSP stapling response too big (%u bytes)", resp_derlen);
         return FALSE;
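Review bot: `if (resp_derlen + 1 > sizeof resp_der)` compares an int with a size_t, which is only safe because the `resp_derlen <= 0` check immediately above guarantees a positive value before the usual arithmetic conversions turn it unsigned; that ordering is load-bearing and deserves a comment so a later reordering does not let a negative length sail through. Two minor points on the log line: resp_derlen is an int but is printed with `%u` (`%d` matches the type), and since the value logged now excludes the flag byte, the message will report a size one less than what was actually compared against the buffer, so consider logging `resp_derlen + 1` or wording the message as the response length.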


