[arch-commits] Commit in curl/trunk (2 files)
Christian Hesse
eworm at gemini.archlinux.org
Tue Sep 21 07:27:09 UTC 2021
Date: Tuesday, September 21, 2021 @ 07:27:09
Author: eworm
Revision: 424453
upgpkg: curl 7.79.0-4: http: fix the broken >3 digit response code detection
Added:
curl/trunk/0002-http-fix-the-broken-3-digit-response-code-detection.patch
Modified:
curl/trunk/PKGBUILD
----------------------------------------------------------------+
0002-http-fix-the-broken-3-digit-response-code-detection.patch | 119 ++++++++++
PKGBUILD | 9
2 files changed, 125 insertions(+), 3 deletions(-)
Added: 0002-http-fix-the-broken-3-digit-response-code-detection.patch
===================================================================
--- 0002-http-fix-the-broken-3-digit-response-code-detection.patch (rev 0)
+++ 0002-http-fix-the-broken-3-digit-response-code-detection.patch 2021-09-21 07:27:09 UTC (rev 424453)
@@ -0,0 +1,119 @@
+From beb8990d934a01acf103871e463d4e61afc9ded2 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel at haxx.se>
+Date: Fri, 17 Sep 2021 16:31:25 +0200
+Subject: http: fix the broken >3 digit response code detection
+
+When the "reason phrase" in the HTTP status line starts with a digit,
+that was treated as the forth response code digit and curl would claim
+the response to be non-compliant.
+
+Added test 1466 to verify this case.
+
+Regression brought by 5dc594e44f73b17
+Reported-by: Glenn de boer
+Fixes #7738
+Closes #7739
+---
+ lib/http.c | 10 +++++-----
+ tests/data/Makefile.inc | 2 +-
+ tests/data/test1466 | 45 +++++++++++++++++++++++++++++++++++++++++++++
+ 3 files changed, 51 insertions(+), 6 deletions(-)
+ create mode 100644 tests/data/test1466
+
+diff --git a/lib/http.c b/lib/http.c
+index d5c36dd54..648583c56 100644
+--- a/lib/http.c
++++ b/lib/http.c
+@@ -4232,9 +4232,9 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data,
+ char separator;
+ char twoorthree[2];
+ int httpversion = 0;
+- int digit4 = -1; /* should remain untouched to be good */
++ char digit4 = 0;
+ nc = sscanf(HEADER1,
+- " HTTP/%1d.%1d%c%3d%1d",
++ " HTTP/%1d.%1d%c%3d%c",
+ &httpversion_major,
+ &httpversion,
+ &separator,
+@@ -4250,13 +4250,13 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data,
+
+ /* There can only be a 4th response code digit stored in 'digit4' if
+ all the other fields were parsed and stored first, so nc is 5 when
+- digit4 is not -1 */
+- else if(digit4 != -1) {
++ digit4 a digit */
++ else if(ISDIGIT(digit4)) {
+ failf(data, "Unsupported response code in HTTP response");
+ return CURLE_UNSUPPORTED_PROTOCOL;
+ }
+
+- if((nc == 4) && (' ' == separator)) {
++ if((nc >= 4) && (' ' == separator)) {
+ httpversion += 10 * httpversion_major;
+ switch(httpversion) {
+ case 10:
+diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
+index 787c36375..91b8c18eb 100644
+--- a/tests/data/Makefile.inc
++++ b/tests/data/Makefile.inc
+@@ -182,7 +182,7 @@ test1432 test1433 test1434 test1435 test1436 test1437 test1438 test1439 \
+ test1440 test1441 test1442 test1443 test1444 test1445 test1446 test1447 \
+ test1448 test1449 test1450 test1451 test1452 test1453 test1454 test1455 \
+ test1456 test1457 test1458 test1459 test1460 test1461 test1462 test1463 \
+-test1464 test1465 \
++test1464 test1465 test1466 \
+ \
+ test1500 test1501 test1502 test1503 test1504 test1505 test1506 test1507 \
+ test1508 test1509 test1510 test1511 test1512 test1513 test1514 test1515 \
+diff --git a/tests/data/test1466 b/tests/data/test1466
+new file mode 100644
+index 000000000..0955d660c
+--- /dev/null
++++ b/tests/data/test1466
+@@ -0,0 +1,45 @@
++<testcase>
++<info>
++<keywords>
++HTTP
++HTTP GET
++</keywords>
++</info>
++
++<reply>
++<data>
++HTTP/1.1 405 405
++Content-Length: 6
++Connection: close
++
++-foo-
++</data>
++</reply>
++
++#
++# Client-side
++<client>
++<server>
++http
++</server>
++
++<name>
++HTTP GET with 3-digit response and only digits in reason
++ </name>
++ <command>
++http://%HOSTIP:%HTTPPORT/%TESTNUMBER
++</command>
++</client>
++
++#
++# Verify data after the test has been "shot"
++<verify>
++<protocol>
++GET /%TESTNUMBER HTTP/1.1
++Host: %HOSTIP:%HTTPPORT
++User-Agent: curl/%VERSION
++Accept: */*
++
++</protocol>
++</verify>
++</testcase>
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2021-09-21 07:06:33 UTC (rev 424452)
+++ PKGBUILD 2021-09-21 07:27:09 UTC (rev 424453)
@@ -6,7 +6,7 @@
pkgname=curl
pkgver=7.79.0
-pkgrel=3
+pkgrel=4
pkgdesc='An URL retrieval utility and library'
arch=('x86_64')
url='https://curl.haxx.se'
@@ -16,10 +16,12 @@
'openssl' 'zlib' 'zstd' 'libzstd.so')
provides=('libcurl.so')
source=("https://curl.haxx.se/download/${pkgname}-${pkgver}.tar.gz"{,.asc}
- '0001-Curl_http2_setup-do-not-change-connection-data-on-repeat-invokes.patch')
+ '0001-Curl_http2_setup-do-not-change-connection-data-on-repeat-invokes.patch'
+ '0002-http-fix-the-broken-3-digit-response-code-detection.patch')
sha512sums=('6529645774bd2687535cfaec5949281f305c2910da3bd4de22713ab370fde0d05c416579b46aef7eaaf5f73d882e96b8268b80b6802b978f9c54b0a837420dad'
'SKIP'
- 'f83ba83073a90ab369c7c0e06d440d6d8be87c72800095c35d803bca246ea5ee73b811b210ce9d8a7ee137583ca3e839afd8eb9accf699f655e9db82a7bdef71')
+ 'f83ba83073a90ab369c7c0e06d440d6d8be87c72800095c35d803bca246ea5ee73b811b210ce9d8a7ee137583ca3e839afd8eb9accf699f655e9db82a7bdef71'
+ 'e8448cea7f8ddc0cd5a6d632f6e8d537b82820f49ca91b17858802893eeaef4255a50aba9426870cdf9ee5c1cc121b977426313d42a0c0be12e9ea237ff0201f')
validpgpkeys=('27EDEAF22F3ABCEB50DB9A125CC908FDB71E12C2') # Daniel Stenberg
prepare() {
@@ -26,6 +28,7 @@
cd "${pkgname}-${pkgver}"
patch -Np1 < ../0001-Curl_http2_setup-do-not-change-connection-data-on-repeat-invokes.patch
+ patch -Np1 < ../0002-http-fix-the-broken-3-digit-response-code-detection.patch
}
build() {
More information about the arch-commits
mailing list