From: Amos Jeffries <squid3@treenet.co.nz>
Date: Sat, 22 Aug 2009 10:43:54 +0000 (+1200)
Subject: Bug 2745: Invalid response error on small reads
X-Git-Tag: SQUID_3_2_0_1~773
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=6934ca51cd8df0b0cb95f8b78ae11b7b56963fc6;p=thirdparty%2Fsquid.git

Bug 2745: Invalid response error on small reads

Also adds extra unit-tests for these cases.
---

diff --git a/src/HttpReply.cc b/src/HttpReply.cc
index 16538b9516..ca7b537c22 100644
--- a/src/HttpReply.cc
+++ b/src/HttpReply.cc
@@ -481,7 +481,7 @@ HttpReply::sanityCheckStartLine(MemBuf *buf, const size_t hdr_len, http_status *
     // skip arbitrary number of spaces...
     while (pos <= buf->contentSize() && (char)*(buf->content()+pos) == ' ') ++pos;
 
-    if (!xisdigit(*(buf->content()+pos))) {
+    if (pos < buf->contentSize() && !xisdigit(*(buf->content()+pos))) {
         debugs(58, 3, "HttpReply::sanityCheckStartLine: missing or invalid status number in '" << buf->content() << "'");
         *error = HTTP_INVALID_HEADER;
         return false;
diff --git a/src/tests/testHttpReply.cc b/src/tests/testHttpReply.cc
index 81fa94e954..ea064276f4 100644
--- a/src/tests/testHttpReply.cc
+++ b/src/tests/testHttpReply.cc
@@ -129,7 +129,48 @@ testHttpReply::testSanityCheckFirstLine()
     input.reset();
     error = HTTP_STATUS_NONE;
 
-#if FUTURE
+    // incomplete (short) status lines... not sane (yet), but no error either.
+    input.append("H", 1);
+    hdr_len = headersEnd(input.content(),input.contentSize());
+    CPPUNIT_ASSERT(!engine.sanityCheckStartLine(&input, hdr_len, &error) );
+    CPPUNIT_ASSERT_EQUAL(error, HTTP_STATUS_NONE);
+    input.reset();
+    error = HTTP_STATUS_NONE;
+
+    input.append("HTTP/", 5);
+    hdr_len = headersEnd(input.content(),input.contentSize());
+    CPPUNIT_ASSERT(!engine.sanityCheckStartLine(&input, hdr_len, &error) );
+    CPPUNIT_ASSERT_EQUAL(error, HTTP_STATUS_NONE);
+    input.reset();
+    error = HTTP_STATUS_NONE;
+
+    input.append("HTTP/1", 6);
+    hdr_len = headersEnd(input.content(),input.contentSize());
+    CPPUNIT_ASSERT(!engine.sanityCheckStartLine(&input, hdr_len, &error) );
+    CPPUNIT_ASSERT_EQUAL(error, HTTP_STATUS_NONE);
+    input.reset();
+    error = HTTP_STATUS_NONE;
+
+    input.append("HTTP/1.1", 8);
+    hdr_len = headersEnd(input.content(),input.contentSize());
+    CPPUNIT_ASSERT(!engine.sanityCheckStartLine(&input, hdr_len, &error) );
+    CPPUNIT_ASSERT_EQUAL(error, HTTP_STATUS_NONE);
+    input.reset();
+    error = HTTP_STATUS_NONE;
+
+    input.append("HTTP/1.1 ", 9); /* real case seen */
+    hdr_len = headersEnd(input.content(),input.contentSize());
+    CPPUNIT_ASSERT(engine.sanityCheckStartLine(&input, hdr_len, &error) );
+    CPPUNIT_ASSERT_EQUAL(error, HTTP_STATUS_NONE);
+    input.reset();
+    error = HTTP_STATUS_NONE;
+
+    input.append("HTTP/1.1    20", 14);
+    hdr_len = headersEnd(input.content(),input.contentSize());
+    CPPUNIT_ASSERT(engine.sanityCheckStartLine(&input, hdr_len, &error) );
+    CPPUNIT_ASSERT_EQUAL(error, HTTP_STATUS_NONE);
+    input.reset();
+    error = HTTP_STATUS_NONE;
 
     // status line with no status
     input.append("HTTP/1.1 \n\n", 11);
@@ -178,6 +219,5 @@ testHttpReply::testSanityCheckFirstLine()
     CPPUNIT_ASSERT_EQUAL(error, HTTP_INVALID_HEADER);
     input.reset();
     error = HTTP_STATUS_NONE;
-#endif
 
 }