Fossil SCM
Only accept commas as separators for multiple values in "Connection:" HTTP headers, and ignore any white space surrounding (but not embedded into) values. The previous method would fall for (fictional) HTTP header values containing spaces, like "Connection: don't close", and recognize a value of "close".
Commit
6173fbf526812c92cdfbe18a7c8d5c532dc6a0b3a09477b170de6ca35a281711
Parent
7ac3db68d5a8204…
1 file changed
+8
-4
+8
-4
| --- src/http.c | ||
| +++ src/http.c | ||
| @@ -569,19 +569,23 @@ | ||
| 569 | 569 | closeConnection = 0; |
| 570 | 570 | }else if( fossil_strnicmp(zLine, "content-length:", 15)==0 ){ |
| 571 | 571 | for(i=15; fossil_isspace(zLine[i]); i++){} |
| 572 | 572 | iLength = atoi(&zLine[i]); |
| 573 | 573 | }else if( fossil_strnicmp(zLine, "connection:", 11)==0 ){ |
| 574 | - int j; /* Points to end of value (space, semicolon or zero terminator). */ | |
| 574 | + int j; /* Position of next separator (comma or zero terminator). */ | |
| 575 | + int k = 0; /* Position after last non-space char for current value. */ | |
| 575 | 576 | i = 11; |
| 576 | 577 | do{ |
| 577 | 578 | while( fossil_isspace(zLine[i]) || zLine[i]==',' ) i++; |
| 578 | 579 | j = i; |
| 579 | - while( !fossil_isspace(zLine[j]) && zLine[j]!=',' && zLine[j] ) j++; | |
| 580 | - if( j-i==5 && fossil_strnicmp(&zLine[i], "close", 5)==0 ){ | |
| 580 | + while( zLine[j] && zLine[j]!=',' ){ | |
| 581 | + if( !fossil_isspace(zLine[j]) ) k = j + 1; | |
| 582 | + j++; | |
| 583 | + } | |
| 584 | + if( k-i==5 && fossil_strnicmp(&zLine[i], "close", 5)==0 ){ | |
| 581 | 585 | closeConnection = 1; |
| 582 | - }else if( j-i==10 && fossil_strnicmp(&zLine[i], "keep-alive", 10)==0 ){ | |
| 586 | + }else if( k-i==10 && fossil_strnicmp(&zLine[i], "keep-alive", 10)==0 ){ | |
| 583 | 587 | closeConnection = 0; |
| 584 | 588 | } |
| 585 | 589 | i = j; |
| 586 | 590 | }while( zLine[i] ); |
| 587 | 591 | }else if( ( rc==301 || rc==302 || rc==307 || rc==308 ) && |
| 588 | 592 |
| --- src/http.c | |
| +++ src/http.c | |
| @@ -569,19 +569,23 @@ | |
| 569 | closeConnection = 0; |
| 570 | }else if( fossil_strnicmp(zLine, "content-length:", 15)==0 ){ |
| 571 | for(i=15; fossil_isspace(zLine[i]); i++){} |
| 572 | iLength = atoi(&zLine[i]); |
| 573 | }else if( fossil_strnicmp(zLine, "connection:", 11)==0 ){ |
| 574 | int j; /* Points to end of value (space, semicolon or zero terminator). */ |
| 575 | i = 11; |
| 576 | do{ |
| 577 | while( fossil_isspace(zLine[i]) || zLine[i]==',' ) i++; |
| 578 | j = i; |
| 579 | while( !fossil_isspace(zLine[j]) && zLine[j]!=',' && zLine[j] ) j++; |
| 580 | if( j-i==5 && fossil_strnicmp(&zLine[i], "close", 5)==0 ){ |
| 581 | closeConnection = 1; |
| 582 | }else if( j-i==10 && fossil_strnicmp(&zLine[i], "keep-alive", 10)==0 ){ |
| 583 | closeConnection = 0; |
| 584 | } |
| 585 | i = j; |
| 586 | }while( zLine[i] ); |
| 587 | }else if( ( rc==301 || rc==302 || rc==307 || rc==308 ) && |
| 588 |
| --- src/http.c | |
| +++ src/http.c | |
| @@ -569,19 +569,23 @@ | |
| 569 | closeConnection = 0; |
| 570 | }else if( fossil_strnicmp(zLine, "content-length:", 15)==0 ){ |
| 571 | for(i=15; fossil_isspace(zLine[i]); i++){} |
| 572 | iLength = atoi(&zLine[i]); |
| 573 | }else if( fossil_strnicmp(zLine, "connection:", 11)==0 ){ |
| 574 | int j; /* Position of next separator (comma or zero terminator). */ |
| 575 | int k = 0; /* Position after last non-space char for current value. */ |
| 576 | i = 11; |
| 577 | do{ |
| 578 | while( fossil_isspace(zLine[i]) || zLine[i]==',' ) i++; |
| 579 | j = i; |
| 580 | while( zLine[j] && zLine[j]!=',' ){ |
| 581 | if( !fossil_isspace(zLine[j]) ) k = j + 1; |
| 582 | j++; |
| 583 | } |
| 584 | if( k-i==5 && fossil_strnicmp(&zLine[i], "close", 5)==0 ){ |
| 585 | closeConnection = 1; |
| 586 | }else if( k-i==10 && fossil_strnicmp(&zLine[i], "keep-alive", 10)==0 ){ |
| 587 | closeConnection = 0; |
| 588 | } |
| 589 | i = j; |
| 590 | }while( zLine[i] ); |
| 591 | }else if( ( rc==301 || rc==302 || rc==307 || rc==308 ) && |
| 592 |