author | David Kalnischkies <david@kalnischkies.de> | 2020-06-28 20:59:27 +0200 |
---|---|---|
committer | David Kalnischkies <david@kalnischkies.de> | 2021-02-04 11:00:00 +0100 |
commit | 3e53dbbe758a4e2da378ebf0296d8105d4a5804c (patch) | |
tree | f5e276a1e180e8f12121fa52e3c4653c2af7fc53 | |
parent | 96dc40b19623621a9cc2c5541fb3adbbceb553b1 (diff) |
Ensure HTTP status code text has sensible content
We use the code in error messages, so at least for that edge case we
should ensure that it has sensible content. Note that the acquire
system aborts on non-sensible message content in SendMessage, so you
can't really exploit this.
-rw-r--r-- | methods/basehttp.cc | 3 | ||||
-rw-r--r-- | methods/basehttp.h | 2 |
2 files changed, 4 insertions, 1 deletions
diff --git a/methods/basehttp.cc b/methods/basehttp.cc index b75b450cc..3786e2e6c 100644 --- a/methods/basehttp.cc +++ b/methods/basehttp.cc @@ -110,6 +110,9 @@ bool RequestState::HeaderLine(string const &Line) /*{{{*/ if (sscanf(Line.c_str(),"HTTP %3u%359[^\n]",&Result,Code) != 2) return _error->Error(_("The HTTP server sent an invalid reply header")); } + auto const CodeLen = strlen(Code); + auto const CodeEnd = std::remove_if(Code, Code + CodeLen, [](char c) { return isprint(c) == 0; }); + *CodeEnd = '\0'; /* Check the HTTP response header to get the default persistence state. */ diff --git a/methods/basehttp.h b/methods/basehttp.h index 62c9963ea..c0d14d854 100644 --- a/methods/basehttp.h +++ b/methods/basehttp.h @@ -60,7 +60,7 @@ struct RequestState bool AddPartialFileToHashes(FileFd &File); RequestState(BaseHttpMethod * const Owner, ServerState * const Server) : - Owner(Owner), Server(Server) { time(&Date); } + Owner(Owner), Server(Server) { time(&Date); Code[0] = '\0'; } }; struct ServerState { |
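Review bot: The lambda passed to `std::remove_if` in the methods/basehttp.cc hunk calls `isprint(c)` on a plain `char`, which is undefined behaviour for negative values; where `char` is signed, any byte of 0x80 or above in the server-supplied status text arrives as a negative value. Because this text comes straight from the remote HTTP server, convert before classifying: `[](char c) { return isprint(static_cast<unsigned char>(c)) == 0; }`. `isprint` is also locale-dependent, so what survives the filter follows the process locale unless the method is known to run in the "C" locale. The body of `RequestState::HeaderLine` starts and ends outside the hunk, so whether `<algorithm>` and `<cctype>` are already included cannot be confirmed from here.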