mirror of
https://github.com/openssl/openssl.git
synced 2025-03-31 20:10:45 +08:00
tls_validate_record_header(): Check for all HTTP methods
The change checks for all HTTP methods in ssl_record, not only GET, POST, PUT and HEAD. (additionally PATCH, DELETE, OPTIONS and TRACE) CLA: trivial Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26968)
This commit is contained in:
parent
e599893a9f
commit
30fbc68dd4
@ -67,6 +67,10 @@ static int tls_validate_record_header(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *rec)
|
||||
if (HAS_PREFIX((char *)p, "GET ") ||
|
||||
HAS_PREFIX((char *)p, "POST ") ||
|
||||
HAS_PREFIX((char *)p, "HEAD ") ||
|
||||
HAS_PREFIX((char *)p, "PATCH") ||
|
||||
HAS_PREFIX((char *)p, "OPTIO") ||
|
||||
HAS_PREFIX((char *)p, "DELET") ||
|
||||
HAS_PREFIX((char *)p, "TRACE") ||
|
||||
HAS_PREFIX((char *)p, "PUT ")) {
|
||||
RLAYERfatal(rl, SSL_AD_NO_ALERT, SSL_R_HTTP_REQUEST);
|
||||
return 0;
|
||||
|
Loading…
x
Reference in New Issue
Block a user