1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
|
https://github.com/curl/curl/commit/beb8990d934a01acf103871e463d4e61afc9ded2
From: Daniel Stenberg <daniel@haxx.se>
Date: Fri, 17 Sep 2021 16:31:25 +0200
Subject: [PATCH] http: fix the broken >3 digit response code detection
When the "reason phrase" in the HTTP status line starts with a digit,
that was treated as the forth response code digit and curl would claim
the response to be non-compliant.
Added test 1466 to verify this case.
Regression brought by 5dc594e44f73b17
Reported-by: Glenn de boer
Fixes #7738
Closes #7739
--- a/lib/http.c
+++ b/lib/http.c
@@ -4232,9 +4232,9 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data,
char separator;
char twoorthree[2];
int httpversion = 0;
- int digit4 = -1; /* should remain untouched to be good */
+ char digit4 = 0;
nc = sscanf(HEADER1,
- " HTTP/%1d.%1d%c%3d%1d",
+ " HTTP/%1d.%1d%c%3d%c",
&httpversion_major,
&httpversion,
&separator,
@@ -4250,13 +4250,13 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data,
/* There can only be a 4th response code digit stored in 'digit4' if
all the other fields were parsed and stored first, so nc is 5 when
- digit4 is not -1 */
- else if(digit4 != -1) {
+ digit4 a digit */
+ else if(ISDIGIT(digit4)) {
failf(data, "Unsupported response code in HTTP response");
return CURLE_UNSUPPORTED_PROTOCOL;
}
- if((nc == 4) && (' ' == separator)) {
+ if((nc >= 4) && (' ' == separator)) {
httpversion += 10 * httpversion_major;
switch(httpversion) {
case 10:
|
