From: Daniel Stenberg <daniel@haxx.se>
Date: Mon, 27 Oct 2014 15:08:24 +0000 (+0100)
Subject: HTTP: return larger than 3 digit response codes too
X-Git-Tag: curl-7_39_0~72
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=95765567d0e9dd01a827e8defd423f27d1d03e95;p=thirdparty%2Fcurl.git

HTTP: return larger than 3 digit response codes too

HTTP 1.1 is clearly specified to only allow three digit response codes,
and libcurl used sscanf("%3d") for that purpose. This made libcurl
support smaller numbers but not larger. It does now, but we will not
make any specific promises nor document this further since it is going
outside of what HTTP is.

Bug: http://curl.haxx.se/bug/view.cgi?id=1441
Reported-by: Balaji
---

diff --git a/lib/http.c b/lib/http.c
index 3eebe2df17..989e09e205 100644
--- a/lib/http.c
+++ b/lib/http.c
@@ -3200,8 +3200,15 @@ CURLcode Curl_http_readwrite_headers(struct SessionHandle *data,
 #endif /* CURL_DOES_CONVERSIONS */
 
       if(conn->handler->protocol & PROTO_FAMILY_HTTP) {
+        /*
+         * https://tools.ietf.org/html/rfc7230#section-3.1.2
+         *
+         * The reponse code is always a three-digit number in HTTP as the spec
+         * says. We try to allow any number here, but we cannot make
+         * guarantees on future behaviors since it isn't within the protocol.
+         */
         nc = sscanf(HEADER1,
-                    " HTTP/%d.%d %3d",
+                    " HTTP/%d.%d %d",
                     &httpversion_major,
                     &conn->httpversion,
                     &k->httpcode);
diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
index 1cf7d9dba4..6d21d670bf 100644
--- a/tests/data/Makefile.inc
+++ b/tests/data/Makefile.inc
@@ -142,7 +142,7 @@ test1400 test1401 test1402 test1403 test1404 test1405 test1406 test1407 \
 test1408 test1409 test1410 test1411 test1412 test1413 test1414 test1415 \
 test1416 test1417 test1418 test1419 test1420 \
 \
-test1428 \
+test1428 test1429 test1430 test1431 test1432 test1433 \
 \
 test1500 test1501 test1502 test1503 test1504 test1505 test1506 test1507 \
 test1508 test1509 test1510 test1511 test1512 test1513 test1514 test1515 \
diff --git a/tests/data/test1429 b/tests/data/test1429
new file mode 100644
index 0000000000..da09dca480
--- /dev/null
+++ b/tests/data/test1429
@@ -0,0 +1,69 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP GET
+</keywords>
+</info>
+
+<reply>
+<data nocheck="yes">
+HTTP/1.1 1234 OK
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
+ETag: "21025-dc7-39462498"
+Accept-Ranges: bytes
+Content-Length: 6
+Connection: close
+Content-Type: text/html
+Funny-head: yesyes
+
+-foo-
+</data>
+</reply>
+
+#
+# Client-side
+<client>
+<server>
+http
+</server>
+
+<name>
+HTTP GET with 4-digit reponse code
+ </name>
+ <command>
+http://%HOSTIP:%HTTPPORT/1429 --write-out '%{response_code}'
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+<stdout nonewline="yes">
+HTTP/1.1 1234 OK
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
+ETag: "21025-dc7-39462498"
+Accept-Ranges: bytes
+Content-Length: 6
+Connection: close
+Content-Type: text/html
+Funny-head: yesyes
+
+-foo-
+1234
+</stdout>
+<strip>
+^User-Agent:.*
+</strip>
+<protocol>
+GET /1429 HTTP/1.1
+Host: %HOSTIP:%HTTPPORT
+Accept: */*
+
+</protocol>
+</verify>
+</testcase>
diff --git a/tests/data/test1430 b/tests/data/test1430
new file mode 100644
index 0000000000..c5f65cfc85
--- /dev/null
+++ b/tests/data/test1430
@@ -0,0 +1,53 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP GET
+</keywords>
+</info>
+
+<reply>
+<data>
+HTTP/1.1 -12 OK
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
+ETag: "21025-dc7-39462498"
+Accept-Ranges: bytes
+Content-Length: 6
+Connection: close
+Content-Type: text/html
+Funny-head: yesyes
+
+-foo-
+</data>
+</reply>
+
+#
+# Client-side
+<client>
+<server>
+http
+</server>
+ <name>
+HTTP GET with negative reponse code
+ </name>
+ <command>
+http://%HOSTIP:%HTTPPORT/1430
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+<strip>
+^User-Agent:.*
+</strip>
+<protocol>
+GET /1430 HTTP/1.1
+Host: %HOSTIP:%HTTPPORT
+Accept: */*
+
+</protocol>
+</verify>
+</testcase>
diff --git a/tests/data/test1431 b/tests/data/test1431
new file mode 100644
index 0000000000..4ea33edc26
--- /dev/null
+++ b/tests/data/test1431
@@ -0,0 +1,53 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP GET
+</keywords>
+</info>
+
+<reply>
+<data>
+HTTP/1.1 2 OK
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
+ETag: "21025-dc7-39462498"
+Accept-Ranges: bytes
+Content-Length: 6
+Connection: close
+Content-Type: text/html
+Funny-head: yesyes
+
+-foo-
+</data>
+</reply>
+
+#
+# Client-side
+<client>
+<server>
+http
+</server>
+ <name>
+HTTP GET with single-digit reponse code
+ </name>
+ <command>
+http://%HOSTIP:%HTTPPORT/1431
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+<strip>
+^User-Agent:.*
+</strip>
+<protocol>
+GET /1431 HTTP/1.1
+Host: %HOSTIP:%HTTPPORT
+Accept: */*
+
+</protocol>
+</verify>
+</testcase>
diff --git a/tests/data/test1432 b/tests/data/test1432
new file mode 100644
index 0000000000..eb1d0c2ad1
--- /dev/null
+++ b/tests/data/test1432
@@ -0,0 +1,54 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP GET
+</keywords>
+</info>
+
+<reply>
+<data nocheck="yes">
+HTTP/1.1 0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789 OK
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
+ETag: "21025-dc7-39462498"
+Accept-Ranges: bytes
+Content-Length: 6
+Connection: close
+Content-Type: text/html
+Funny-head: yesyes
+
+-foo-
+</data>
+</reply>
+
+#
+# Client-side
+<client>
+<server>
+http
+</server>
+
+<name>
+HTTP GET with 100-digit reponse code and survive
+ </name>
+ <command>
+http://%HOSTIP:%HTTPPORT/1432
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+<strip>
+^User-Agent:.*
+</strip>
+<protocol>
+GET /1432 HTTP/1.1
+Host: %HOSTIP:%HTTPPORT
+Accept: */*
+
+</protocol>
+</verify>
+</testcase>
diff --git a/tests/data/test1433 b/tests/data/test1433
new file mode 100644
index 0000000000..8634db2c41
--- /dev/null
+++ b/tests/data/test1433
@@ -0,0 +1,69 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP GET
+</keywords>
+</info>
+
+<reply>
+<data nocheck="yes">
+HTTP/1.0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789 200 OK
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
+ETag: "21025-dc7-39462498"
+Accept-Ranges: bytes
+Content-Length: 6
+Connection: close
+Content-Type: text/html
+Funny-head: yesyes
+
+-foo-
+</data>
+</reply>
+
+#
+# Client-side
+<client>
+<server>
+http
+</server>
+
+<name>
+HTTP GET with 100-digit subversion number in response
+ </name>
+ <command>
+http://%HOSTIP:%HTTPPORT/1433  --write-out '%{response_code}'
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+<stdout nonewline="yes">
+HTTP/1.0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789 200 OK
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
+ETag: "21025-dc7-39462498"
+Accept-Ranges: bytes
+Content-Length: 6
+Connection: close
+Content-Type: text/html
+Funny-head: yesyes
+
+-foo-
+200
+</stdout>
+<strip>
+^User-Agent:.*
+</strip>
+<protocol>
+GET /1433 HTTP/1.1
+Host: %HOSTIP:%HTTPPORT
+Accept: */*
+
+</protocol>
+</verify>
+</testcase>