Hello, On 2009 m. May 30 d., Saturday 13:43:52 you wrote: > responses. The attached patch fixes the problem by improving parser of the > Status-Line. The previous version of the patch has a couple of typos ('&' was misplaced). A good version is attached to this mail. -- Modestas Vainius <modestas@vainius.eu>
=== modified file 'methods/http.cc' --- methods/http.cc 2009-04-09 02:36:34 +0000 +++ methods/http.cc 2009-05-30 10:01:32 +0000 @@ -544,18 +544,23 @@ if (stringcasecmp(Tag.c_str(),Tag.c_str()+4,"HTTP") == 0) { + int codeoffset; // Evil servers return no version if (Line[4] == '/') { - if (sscanf(Line.c_str(),"HTTP/%u.%u %u %[^\n]",&Major,&Minor, - &Result,Code) != 4) + if (sscanf(Line.c_str(),"HTTP/%u.%u %u%1[ ]%n",&Major,&Minor, + &Result,Code,&codeoffset) == 4) + strcpy(Code, Line.c_str()+codeoffset); + else return _error->Error(_("The HTTP server sent an invalid reply header")); } else { Major = 0; Minor = 9; - if (sscanf(Line.c_str(),"HTTP %u %[^\n]",&Result,Code) != 2) + if (sscanf(Line.c_str(),"HTTP %u%1[ ]%n",&Result,Code,&codeoffset) == 2) + strcpy(Code, Line.c_str()+codeoffset); + else return _error->Error(_("The HTTP server sent an invalid reply header")); }
Attachment:
signature.asc
Description: This is a digitally signed message part.