hsts: support "implied LWS" properly around max-age
authorDaniel Stenberg <daniel@haxx.se>
Fri, 18 Oct 2024 07:38:13 +0000 (09:38 +0200)
committerDaniel Stenberg <daniel@haxx.se>
Fri, 18 Oct 2024 09:42:42 +0000 (11:42 +0200)
Adjust test 780 to verify.

Reported-by: newfunction
Closes #15330

lib/hsts.c
tests/data/test780

index 12052ce53c1c5a75b0764f3260eae36f41457c4a..5b0137263b08af77df2521381cfb9ba62c9aa20e 100644 (file)
@@ -159,7 +159,7 @@ CURLcode Curl_hsts_parse(struct hsts *h, const char *hostname,
   do {
     while(*p && ISBLANK(*p))
       p++;
-    if(strncasecompare("max-age=", p, 8)) {
+    if(strncasecompare("max-age", p, 7)) {
       bool quoted = FALSE;
       CURLofft offt;
       char *endp;
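Review bot: The prefix test `strncasecompare("max-age", p, 7)` now also matches any directive whose name merely begins with max-age (constructed example: `max-age-foo=1`), and in the next hunk such a directive hits either `if(gotma)` or `if(*p++ != '=')` and fails the whole header with CURLE_BAD_FUNCTION_ARGUMENT. Before this change the `=` was part of the match, so a name like that presumably fell through to whatever handles unknown directives, which is outside both hunks; RFC 6797 asks user agents to ignore directives they do not recognize. Because a rejected header means no HSTS entry is stored, the failure mode is a silent loss of the HTTPS upgrade for that host. Consider treating a name that is not followed by optional blanks and `=` as an unknown directive rather than an error, and running the `gotma` duplicate check only after the `=` has been confirmed. Curl_hsts_parse starts and ends outside both hunks.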
@@ -167,9 +167,14 @@ CURLcode Curl_hsts_parse(struct hsts *h, const char *hostname,
       if(gotma)
         return CURLE_BAD_FUNCTION_ARGUMENT;
 
-      p += 8;
+      p += 7;
       while(*p && ISBLANK(*p))
         p++;
+      if(*p++ != '=')
+        return CURLE_BAD_FUNCTION_ARGUMENT;
+      while(*p && ISBLANK(*p))
+        p++;
+
       if(*p == '\"') {
         p++;
         quoted = TRUE;
index 3db14d193d458ac223627e8f1c5d41782b3f5055..cdb8b711f78bd58d9d005ec5e2ea2199042f2850 100644 (file)
@@ -22,7 +22,7 @@ Date: Tue, 09 Nov 2010 14:49:00 GMT
 Server: test-server/fake swsclose
 Content-Type: text/html
 Funny-head: yesyes
-Strict-Transport-Security: max-age=1000
+Strict-Transport-Security: max-age  = 1000
 
 </data>
 </reply>
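Review bot: Test 780 now only exercises the form with blanks on both sides of `=` (here and in the matching `<stdout>` hunk below), so the compact `max-age=1000` form is no longer checked by this test and the new `if(*p++ != '=')` rejection path has no case at all in what is visible. If no other test covers them, consider keeping a compact-form case and adding a negative case such as `Strict-Transport-Security: max-age 1000` (constructed sample) that must not produce an HSTS entry. A case with a blank on only one side of `=` would also pin each of the two skip loops separately.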
@@ -68,7 +68,7 @@ Date: Tue, 09 Nov 2010 14:49:00 GMT
 Server: test-server/fake swsclose
 Content-Type: text/html
 Funny-head: yesyes
-Strict-Transport-Security: max-age=1000
+Strict-Transport-Security: max-age  = 1000
 
 </stdout>