
don't try to parse all fields starting with HTTP as status-line

It is highly unlikely to encounter fields which start with HTTP in
practice, but we should really be a bit more restrictive here.
tags/debian/1.5_beta2
David Kalnischkies 3 years ago
parent
commit
1c5f13d489
2 changed files with 3 additions and 1 deletions
  1. methods/basehttp.cc (+1, -1)
  2. test/integration/test-bug-778375-server-has-no-reason-phrase (+2, -0)

methods/basehttp.cc

@@ -85,7 +85,7 @@ bool RequestState::HeaderLine(string const &Line) /*{{{*/
if (Line.empty() == true)
return true;

if (Line.size() > 4 && stringcasecmp(Line.data(), Line.data()+4, "HTTP") == 0)
if (Result == 0 && Line.size() > 4 && stringcasecmp(Line.data(), Line.data() + 4, "HTTP") == 0)
{
// Evil servers return no version
if (Line[4] == '/')
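Review bot: The `Result == 0` condition added to the `HTTP` prefix test in `RequestState::HeaderLine` assumes `Result` is back at 0 whenever a new response header starts, and nothing in this hunk shows where that reset happens. If the same `RequestState` is reused for a following response without a reset, the real status line would skip this branch and be handled as an ordinary field. Please confirm the reset and add a short comment above the `if` stating that only the first header line may be a status-line, so the guard is not later dropped as redundant.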


test/integration/test-bug-778375-server-has-no-reason-phrase

@@ -12,6 +12,8 @@ changetohttpswebserver -o 'aptwebserver::redirect::replace::/redirectme/=/' \
-o 'aptwebserver::httpcode::200=200' -o 'aptwebserver::httpcode::404=404' \
-o 'aptwebserver::httpcode::301=301'
webserverconfig 'aptwebserver::empty-response-header::' 'foobar'
webserverconfig 'aptwebserver::response-header::HTTP-Trigger-Field' 'bug'
webserverconfig 'aptwebserver::response-header::Httputter-Trigger-Field' 'bug'

testdownload() {
rm -f downfile
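Review bot: The two added `webserverconfig` lines for `HTTP-Trigger-Field` and `Httputter-Trigger-Field` carry no comment, and the test file is named for a different bug (a missing reason phrase), so the purpose of these headers will not be obvious to a later reader. A one-line comment above them saying that fields starting with HTTP must not be parsed as a status-line would help, along with a note that the mixed-case `Httputter` variant covers the case-insensitive `stringcasecmp` prefix match. The hunk also adds no assertion of its own, so the regression is only caught indirectly through the existing `testdownload` checks; consider saying so in the comment.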

