From: Daniel Stenberg <daniel@haxx.se>
Date: Fri, 9 Sep 2022 10:46:01 +0000 (+0200)
Subject: strtoofft: after space, there cannot be a control code
X-Git-Tag: curl-7_86_0~283
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=279f638b749aad77323edc1ddeab9f70e9903110;p=thirdparty%2Fcurl.git

strtoofft: after space, there cannot be a control code

With the change from ISSPACE() to ISBLANK() this function no longer
deals with (ignores) control codes the same way, which could lead to
this function returning unexpected values like in the case of
"Content-Length: \r-12354".

Follow-up to 6f9fb7ec2d7cb389a0da5

Detected by OSS-fuzz
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51140
Assisted-by: Max Dymond
Closes #9458
---

diff --git a/lib/strtoofft.c b/lib/strtoofft.c
index 83dea5c4b7..30deb8c05b 100644
--- a/lib/strtoofft.c
+++ b/lib/strtoofft.c
@@ -224,7 +224,7 @@ CURLofft curlx_strtoofft(const char *str, char **endp, int base,
 
   while(*str && ISBLANK(*str))
     str++;
-  if('-' == *str) {
+  if(('-' == *str) || (ISSPACE(*str))) {
     if(endp)
       *endp = (char *)str; /* didn't actually move */
     return CURL_OFFT_INVAL; /* nothing parsed */