From 1c5f13d489688e5fbbcdd3d0d2dd766769639939 Mon Sep 17 00:00:00 2001
From: David Kalnischkies
Date: Mon, 24 Jul 2017 09:45:51 +0200
Subject: don't try to parse all fields starting with HTTP as status-line

It is highly unlikely to encounter fields which start with HTTP in practice, but we should really be a bit more restrictive here.
---
 methods/basehttp.cc | 2 +-
 test/integration/test-bug-778375-server-has-no-reason-phrase | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/methods/basehttp.cc b/methods/basehttp.cc
index c3d570c83..47dabf960 100644
--- a/methods/basehttp.cc
+++ b/methods/basehttp.cc
@@ -85,7 +85,7 @@ bool RequestState::HeaderLine(string const &Line) /*{{{*/
 if (Line.empty() == true)
 return true;
- if (Line.size() > 4 && stringcasecmp(Line.data(), Line.data()+4, "HTTP") == 0)
+ if (Result == 0 && Line.size() > 4 && stringcasecmp(Line.data(), Line.data() + 4, "HTTP") == 0)
 {
 // Evil servers return no version
 if (Line[4] == '/')
diff --git a/test/integration/test-bug-778375-server-has-no-reason-phrase b/test/integration/test-bug-778375-server-has-no-reason-phrase
index 28e31e069..e04f4850f 100755
--- a/test/integration/test-bug-778375-server-has-no-reason-phrase
+++ b/test/integration/test-bug-778375-server-has-no-reason-phrase
@@ -12,6 +12,8 @@ changetohttpswebserver -o 'aptwebserver::redirect::replace::/redirectme/=/' \
 -o 'aptwebserver::httpcode::200=200' -o 'aptwebserver::httpcode::404=404' \
 -o 'aptwebserver::httpcode::301=301'
 webserverconfig 'aptwebserver::empty-response-header::' 'foobar'
+webserverconfig 'aptwebserver::response-header::HTTP-Trigger-Field' 'bug'
+webserverconfig 'aptwebserver::response-header::Httputter-Trigger-Field' 'bug'
 testdownload() {
 rm -f downfile
--
cgit v1.2.3
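Review bot: The new `Result == 0` test on the status-line condition uses `Result` as an implicit "no status-line seen yet" flag, and nothing visible in this hunk shows that it is reset to 0 before every response header block. If the same RequestState is reused after an interim or redirected response without such a reset, the next real status line would fall through to the generic field parsing instead, so the caller's reset should be confirmed; HeaderLine's body and its callers lie outside the hunk. A status line whose code parses as 0 would presumably also leave the gate open for a later HTTP-prefixed field. I would at least document the invariant above the condition: `// Result is 0 only until the status-line has been parsed; later lines starting with "HTTP" are ordinary fields`.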
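Review bot: The two added `webserverconfig` lines carry no comment saying why the server is told to send fields named `HTTP-Trigger-Field` and `Httputter-Trigger-Field`, and the value 'bug' does not explain it either. A one-line comment above them would keep the regression case from being removed as noise later: `# field names starting with HTTP (in any case) must not be parsed as a status-line`. Whether testdownload asserts anything that would fail if such a field were mis-parsed cannot be seen from this hunk, since its body only begins on the hunk's last lines.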