From 1c5f13d489688e5fbbcdd3d0d2dd766769639939 Mon Sep 17 00:00:00 2001
From: David Kalnischkies <david@kalnischkies.de>
Date: Mon, 24 Jul 2017 09:45:51 +0200
Subject: don't try to parse all fields starting with HTTP as status-line

It is highly unlikely to encounter fields which start with HTTP in
practice, but we should really be a bit more restrictive here.
---
 methods/basehttp.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'methods')

diff --git a/methods/basehttp.cc b/methods/basehttp.cc
index c3d570c83..47dabf960 100644
--- a/methods/basehttp.cc
+++ b/methods/basehttp.cc
@@ -85,7 +85,7 @@ bool RequestState::HeaderLine(string const &Line)			/*{{{*/
    if (Line.empty() == true)
       return true;
 
-   if (Line.size() > 4 && stringcasecmp(Line.data(), Line.data()+4, "HTTP") == 0)
+   if (Result == 0 && Line.size() > 4 && stringcasecmp(Line.data(), Line.data() + 4, "HTTP") == 0)
    {
       // Evil servers return no version
       if (Line[4] == '/')
-- 
cgit v1.2.3