From 3e53dbbe758a4e2da378ebf0296d8105d4a5804c Mon Sep 17 00:00:00 2001
From: David Kalnischkies
Date: Sun, 28 Jun 2020 20:59:27 +0200
Subject: Ensure HTTP status code text has sensible content

We use the code in error messages, so at least for that edgecase we should ensure that it has sensible content. Note that the acquire system aborts on non-sensible message content in SendMessage, so you can't really exploit this.
---
 methods/basehttp.cc | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'methods/basehttp.cc')

diff --git a/methods/basehttp.cc b/methods/basehttp.cc
index b75b450cc..3786e2e6c 100644
--- a/methods/basehttp.cc
+++ b/methods/basehttp.cc
@@ -110,6 +110,9 @@ bool RequestState::HeaderLine(string const &Line) /*{{{*/
 if (sscanf(Line.c_str(),"HTTP %3u%359[^\n]",&Result,Code) != 2) return _error->Error(_("The HTTP server sent an invalid reply header")); }
+ auto const CodeLen = strlen(Code);
+ auto const CodeEnd = std::remove_if(Code, Code + CodeLen, [](char c) { return isprint(c) == 0; });
+ *CodeEnd = '\0';
 /* Check the HTTP response header to get the default persistence state. */
-- cgit v1.2.3-70-g09d2
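Review bot: The lambda passed to `std::remove_if` calls `isprint(c)` with a plain `char`, while the bytes in `Code` come straight from the server's status line; where `char` is signed, any byte of 0x80 or above reaches `isprint` as a negative value, which is undefined behaviour for the `<cctype>` functions. Convert first: `[](char c) { return isprint(static_cast<unsigned char>(c)) == 0; }`. `isprint` also follows the current C locale, so if the intent is "printable ASCII only" an explicit range test such as `c < 0x20 || c > 0x7e` would pin the result regardless of locale and of `char` signedness. The diffstat shows only these three insertions, so it is worth confirming that `<algorithm>` is already included in basehttp.cc for `std::remove_if`. `RequestState::HeaderLine` starts and continues outside the hunk, so whether `Code` is always NUL-terminated on the other parsing paths before `strlen(Code)` runs cannot be checked from here.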