* https://tools.ietf.org/html/rfc7230#section-3.1.2
*
* The response code is always a three-digit number in HTTP as the spec
- * says. We try to allow any number here, but we cannot make
+ * says. We allow any three-digit number here, but we cannot make
* guarantees on future behaviors since it isn't within the protocol.
*/
char separator;
char twoorthree[2];
int httpversion = 0;
+ int digit4 = -1; /* should remain untouched to be good */
nc = sscanf(HEADER1,
- " HTTP/%1d.%1d%c%3d",
+ " HTTP/%1d.%1d%c%3d%1d",
&httpversion_major,
&httpversion,
&separator,
- &k->httpcode);
+ &k->httpcode,
+ &digit4);
if(nc == 1 && httpversion_major >= 2 &&
2 == sscanf(HEADER1, " HTTP/%1[23] %d", twoorthree, &k->httpcode)) {
separator = ' ';
}
+ /* There can only be a 4th response code digit stored in 'digit4' if
+ all the other fields were parsed and stored first, so nc is 5 when
+ digit4 is not -1 */
+ else if(digit4 != -1) {
+ failf(data, "Unsupported response code in HTTP response");
+ return CURLE_UNSUPPORTED_PROTOCOL;
+ }
+
if((nc == 4) && (' ' == separator)) {
httpversion += 10 * httpversion_major;
switch(httpversion) {
<reply>
<data nocheck="yes">
-HTTP/1.1 2345 OK
-Date: Tue, 09 Nov 2010 14:49:00 GMT
-Server: test-server/fake
-Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
-ETag: "21025-dc7-39462498"
-Accept-Ranges: bytes
-Content-Length: 6
-Connection: close
-Content-Type: text/html
-Funny-head: yesyes
-
+HTTP/1.1 999 OK\r
+Date: Tue, 09 Nov 2010 14:49:00 GMT\r
+Server: test-server/fake\r
+Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT\r
+ETag: "21025-dc7-39462498"\r
+Accept-Ranges: bytes\r
+Content-Length: 6\r
+Connection: close\r
+Content-Type: text/html\r
+Funny-head: yesyes\r
+\r
-foo-
</data>
</reply>
</server>
<name>
-HTTP GET with 4-digit response code
+HTTP GET with 999 response code
</name>
<command>
-http://%HOSTIP:%HTTPPORT/%TESTNUMBER --write-out '%{response_code}' --http0.9
+http://%HOSTIP:%HTTPPORT/%TESTNUMBER --write-out '%{response_code}'
</command>
</client>
# Verify data after the test has been "shot"
<verify>
<stdout nonewline="yes">
-HTTP/1.1 2345 OK
-Date: Tue, 09 Nov 2010 14:49:00 GMT
-Server: test-server/fake
-Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
-ETag: "21025-dc7-39462498"
-Accept-Ranges: bytes
-Content-Length: 6
-Connection: close
-Content-Type: text/html
-Funny-head: yesyes
-
+HTTP/1.1 999 OK\r
+Date: Tue, 09 Nov 2010 14:49:00 GMT\r
+Server: test-server/fake\r
+Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT\r
+ETag: "21025-dc7-39462498"\r
+Accept-Ranges: bytes\r
+Content-Length: 6\r
+Connection: close\r
+Content-Type: text/html\r
+Funny-head: yesyes\r
+\r
-foo-
-234
+999
</stdout>
<protocol>
GET /%TESTNUMBER HTTP/1.1\r
projects / thirdparty / curl.git / commitdiff
