git.ipfire.org Git - thirdparty/curl.git/commitdiff
strtoofft: after space, there cannot be a control code
author Daniel Stenberg <daniel@haxx.se>
Fri, 9 Sep 2022 10:46:01 +0000 (12:46 +0200)
committer Daniel Stenberg <daniel@haxx.se>
Fri, 9 Sep 2022 13:02:15 +0000 (15:02 +0200)
With the change from ISSPACE() to ISBLANK() this function no longer
deals with (ignores) control codes the same way, which could lead to
this function returning unexpected values like in the case of
"Content-Length: \r-12354".

Follow-up to 6f9fb7ec2d7cb389a0da5

Detected by OSS-fuzz
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51140
Assisted-by: Max Dymond
Closes #9458

lib/strtoofft.c

index 83dea5c4b79ea7d179495c77bd60d0bade20b395..30deb8c05b290b2581555877a045736fac719b7c 100644 (file)
@@ -224,7 +224,7 @@ CURLofft curlx_strtoofft(const char *str, char **endp, int base,
 
   while(*str && ISBLANK(*str))
     str++;
-  if('-' == *str) {
+  if(('-' == *str) || (ISSPACE(*str))) {
     if(endp)
       *endp = (char *)str; /* didn't actually move */
     return CURL_OFFT_INVAL; /* nothing parsed */
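
Review bot: The widened condition on the `if(('-' == *str) || (ISSPACE(*str)))` line needs a comment, because the existing "nothing parsed" comment does not say why a whitespace character is rejected immediately after a loop that skips blanks. A line such as `/* ISBLANK() skipped space and tab, so any whitespace left here is a control code */` above the `if` would keep the reasoning from the commit message next to the code. The diff touches only lib/strtoofft.c, so a regression test that feeds the "\r-12354" value from the commit message and expects CURL_OFFT_INVAL, with `*endp` left pointing at the `\r`, would be worth adding alongside it.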