From: Daniel Stenberg Date: Mon, 3 Mar 2025 21:40:43 +0000 (+0100) Subject: lib: fix two curlx_strtoofft invokes X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=fd3808163376e2336e7f7445a700721bdcf5af0f;p=thirdparty%2Fcurl.git lib: fix two curlx_strtoofft invokes - cf-h1-proxy: check return code and return error if the parser fails - http: make the Retry-After parser check for a date string first then number to avoid mis-parsing the begining of a date as a number
---
diff --git a/lib/cf-h1-proxy.c b/lib/cf-h1-proxy.c
index e2f86fc1f2..4698f014a7 100644
--- a/lib/cf-h1-proxy.c
+++ b/lib/cf-h1-proxy.c
@@ -315,8 +315,11 @@ static CURLcode on_resp_header(struct Curl_cfilter *cf,
 k->httpcode);
 }
 else {
- (void)curlx_strtoofft(header + strlen("Content-Length:"),
- NULL, 10, &ts->cl);
+ if(curlx_strtoofft(header + strlen("Content-Length:"),
+ NULL, 10, &ts->cl)) {
+ failf(data, "Unsupported Content-Length value");
+ return CURLE_WEIRD_SERVER_REPLY;
+ }
 }
 }
 else if(Curl_compareheader(header,
diff --git a/lib/http.c b/lib/http.c
index af05cf6bd0..8a9fe6e887 100644
--- a/lib/http.c
+++ b/lib/http.c
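Review bot: The new Content-Length check in lib/cf-h1-proxy.c still passes `NULL` as the end pointer to `curlx_strtoofft`, so nothing in this hunk examines what follows the digits. A value made of a valid number followed by other bytes would presumably still be accepted with only the leading number stored in `ts->cl`. Because `ts->cl` appears to decide how the proxy response body is framed, a lenient parse here is worth closing. Consider calling `curlx_strtoofft(header + strlen("Content-Length:"), &endp, 10, &ts->cl)` and returning the same `CURLE_WEIRD_SERVER_REPLY` when anything other than trailing whitespace remains at `endp`. The body of on_resp_header starts and ends outside this hunk, so an existing check elsewhere cannot be ruled out.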
@@ -3228,18 +3228,22 @@ static CURLcode http_header(struct Curl_easy *data, if(v) { /* Retry-After = HTTP-date / delay-seconds */ curl_off_t retry_after = 0; /* zero for unknown or "now" */ - /* Try it as a decimal number, if it works it is not a date */ - (void)curlx_strtoofft(v, NULL, 10, &retry_after); - if(!retry_after) { - time_t date = Curl_getdate_capped(v); + time_t date; + Curl_str_passblanks(&v); + + /* try it as a date first, because a date can otherwise start with and + get treated as a number */ + date = Curl_getdate_capped(v); + + if((time_t)-1 != date) { time_t current = time(NULL); - if((time_t)-1 != date && date > current) { + if(date >= current) /* convert date to number of seconds into the future */ retry_after = date - current; - } } - if(retry_after < 0) - retry_after = 0; + else + /* Try it as a decimal number */ + Curl_str_number(&v, &retry_after, CURL_OFF_T_MAX); /* limit to 6 hours max. this is not documented so that it can be changed in the future if necessary. */ if(retry_after > 21600)
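Review bot: The result of `Curl_str_number(&v, &retry_after, CURL_OFF_T_MAX)` in the new `else` branch is dropped without even the `(void)` marker the removed call carried, although the same commit makes the other file check its parser. Whether `retry_after` is guaranteed to stay zero on a failed or overflowing parse depends on the parser's behaviour, which is not visible here. Making the intent explicit would also bring back the defence the removed `if(retry_after < 0)` clamp provided: `else if(Curl_str_number(&v, &retry_after, CURL_OFF_T_MAX))` followed by `retry_after = 0; /* neither a date nor a number: unknown */`. The `if(date >= current)` and `else` bodies are both unbraced with a comment line ahead of the statement, so adding braces would keep a later edit from silently changing which statement is guarded. The body of http_header continues outside this hunk.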