Fix parsing of max-stale values in Surrogate-Control header

Skip parsing of the max-stale field when the initial max-age value
is not a valid integer value.

 Detected by Coverity Scan. Issue 740361

diff --git a/src/HttpHdrSc.cc b/src/HttpHdrSc.cc
index 34e94f3bb39097f02f7b94271ce15b003c0920f0..05162e1c1c680bc07428d614a40bff56649d7329 100644 (file)
--- a/src/HttpHdrSc.cc
+++ b/src/HttpHdrSc.cc
@@ -196,22 +196,23 @@ HttpHdrSc::parse(const String * str)
             int ma;
             if (p && httpHeaderParseInt(p, &ma)) {
                 sct->maxAge(ma);
+
+                if ((p = strchr (p, '+'))) {
+                    int ms;
+                    ++p; //skip the + char
+                    if (httpHeaderParseInt(p, &ms)) {
+                        sct->maxStale(ms);
+                    } else {
+                        debugs(90, 2, "sc: invalid max-stale specs near '" << item << "'");
+                        sct->clearMaxStale();
+                        /* leave the max-age alone */
+                    }
+                }
             } else {
                 debugs(90, 2, "sc: invalid max-age specs near '" << item << "'");
                 sct->clearMaxAge();
             }
 
-            if ((p = strchr (p, '+'))) {
-                int ms;
-                ++p; //skip the + char
-                if (httpHeaderParseInt(p, &ms)) {
-                    sct->maxStale(ms);
-                } else {
-                    debugs(90, 2, "sc: invalid max-stale specs near '" << item << "'");
-                    sct->clearMaxStale();
-                    /* leave the max-age alone */
-                }
-            }
             break;
         }