mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-04-12 20:30:52 +08:00
Code Issues Packages Projects Releases Wiki Activity

tls_validate_record_header(): Check for all HTTP methods

Browse Source 
The change checks for all HTTP methods in ssl_record, not only GET, POST,
PUT and HEAD. (additionally PATCH, DELETE, OPTIONS and TRACE)

CLA: trivial

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26968)
This commit is contained in:
daum3ns 2025-03-04 11:54:08 +01:00 committed by Tomas Mraz
parent e599893a9f
commit 30fbc68dd4
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ssl/record/methods/tlsany_meth.c
View File

@ -67,6 +67,10 @@ static int tls_validate_record_header(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *rec)
if (HAS_PREFIX((char *)p, "GET ") ||
HAS_PREFIX((char *)p, "POST ") ||
HAS_PREFIX((char *)p, "HEAD ") ||
HAS_PREFIX((char *)p, "PATCH") ||
HAS_PREFIX((char *)p, "OPTIO") ||
HAS_PREFIX((char *)p, "DELET") ||
HAS_PREFIX((char *)p, "TRACE") ||
HAS_PREFIX((char *)p, "PUT ")) {
RLAYERfatal(rl, SSL_AD_NO_ALERT, SSL_R_HTTP_REQUEST);
return 0;