]> git.ipfire.org Git - thirdparty/squid.git/commitdiff
projects / thirdparty / squid.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: e29ccb5)
Properly parse HTTP list headers with embedded 8-bit characters
authorHenrik Nordstrom <henrik@henriknordstrom.net>
Sat, 8 Oct 2011 18:46:19 +0000 (20:46 +0200)
committerHenrik Nordstrom <henrik@henriknordstrom.net>
Sat, 8 Oct 2011 18:46:19 +0000 (20:46 +0200)
MSIE and maybe other browsers sometimes sends 8-bit high characters
in HTTP headers (and URLs). This was mistakenly read as CTL characters
on platforms with signed char type (i.e. x86 etc).

One visible effect of this was that HTTP Digest authentication failed
in MSIE when following a link with embedded 8-bit or UTF-8 characters.

src/HttpHeaderTools.cc patch | blob | blame | history

diff --git a/src/HttpHeaderTools.cc b/src/HttpHeaderTools.cc
index 4612fc25632200c643f7644cc162954979433725..bdbd551a40896f87884decde28dc4b79f332e51c 100644 (file)
--- a/src/HttpHeaderTools.cc
+++ b/src/HttpHeaderTools.cc
@@ -377,9 +377,9 @@ httpHeaderParseQuotedString(const char *start, const int len, String *val)
             }
         }
         end = pos;
-        while (end < (start+len) && *end != '\\' && *end != '\"' && *end > 0x1F && *end != 0x7F)
+        while (end < (start+len) && *end != '\\' && *end != '\"' && (unsigned char)*end > 0x1F && *end != 0x7F)
             end++;
-        if ((*end <= 0x1F && *end != '\r' && *end != '\n') || *end == 0x7F) {
+        if (((unsigned char)*end <= 0x1F && *end != '\r' && *end != '\n') || *end == 0x7F) {
             debugs(66, 2, HERE << "failed to parse a quoted-string header field with CTL octet " << (start-pos)
                    << " bytes into '" << start << "'");
             val->clean();
Mirror of https://github.com/squid-cache/squid.git