From: wessels <>
Date: Thu, 2 Apr 1998 04:23:01 +0000 (+0000)
Subject: handle NULL bytes in HTTP replies which could throw off our gross
X-Git-Tag: SQUID_3_0_PRE1~3653
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8febe7df4de51d65be17557767e47d868cd50074;p=thirdparty%2Fsquid.git

handle NULL bytes in HTTP replies which could throw off our gross
header processing.

surf-wessels 1004> client -h www.hcs.ohio-state.edu -p 80 '/random.cgi$cover.rnd' | od -c
0000000   H   T   T   P   /   1   .   0       3   0   2       F   o   u
0000020   n   d  \r  \n   S   e   r   v   e   r   :       R   a   n   d
0000040   o   m   U   R   L   /   1  \r  \n   L   o   c   a   t   i   o
0000060   n   :       h   t   t   p   :   /   /   1   4   0   .   2   5
0000100   4   .   8   4   .   2   0   0   /   i   m   a   g   e   s   /
0000120   h   c   s   /   c   o   v   e   r   /   c   d   1   8   3   6
0000140   -   3   2   .   g   i   f  \r  \n  \0  \r  \n  \r  \n
---

diff --git a/src/client_side.cc b/src/client_side.cc
index b1451dbef5..067598bb32 100644
--- a/src/client_side.cc
+++ b/src/client_side.cc
@@ -1,6 +1,6 @@
 
 /*
- * $Id: client_side.cc,v 1.247 1998/04/01 17:24:09 wessels Exp $
+ * $Id: client_side.cc,v 1.248 1998/04/01 21:23:02 wessels Exp $
  *
  * DEBUG: section 33    Client-side Routines
  * AUTHOR: Duane Wessels
@@ -839,6 +839,9 @@ clientBuildReplyHeader(clientHttpRequest * http,
     end = hdr_in + hdr_len;
     for (t = hdr_in; t < end; t += strcspn(t, crlf), t += strspn(t, crlf)) {
 	l = strcspn(t, crlf) + 1;
+	/* Wow, we might find a NULL before 'end' */
+	if (1 == l)
+	    break;
 	xstrncpy(xbuf, t, l > 4096 ? 4096 : l);
 	/* enforce 1.0 reply version, this hack will be rewritten */
 	if (t == hdr_in && !strncasecmp(xbuf, "HTTP/", 5) && l > 8 &&
diff --git a/src/http.cc b/src/http.cc
index aa6cc9663c..51a11b774c 100644
--- a/src/http.cc
+++ b/src/http.cc
@@ -1,6 +1,6 @@
 
 /*
- * $Id: http.cc,v 1.261 1998/03/31 05:37:42 wessels Exp $
+ * $Id: http.cc,v 1.262 1998/04/01 21:23:01 wessels Exp $
  *
  * DEBUG: section 11    Hypertext Transfer Protocol (HTTP)
  * AUTHOR: Harvest Derived
@@ -625,7 +625,8 @@ httpBuildRequestHeader(request_t * request,
 	l = strcspn(t, crlf) + 1;
 	if (l > 4096)
 	    l = 4096;
-	if (0 == l)
+	/* We might find a NULL before 'end' */
+	if (1 == l)
 	    break;
 	xstrncpy(xbuf, t, l);
 	debug(11, 5) ("httpBuildRequestHeader: %s\n", xbuf);