From: Dr. David von Oheimb <David.von.Oheimb@siemens.com>
Date: Sun, 21 Nov 2021 10:51:09 +0000 (+0100)
Subject: OSSL_HTTP_proxy_connect(): Fix glitch in response HTTP header parsing
X-Git-Tag: openssl-3.2.0-alpha1~3214
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2490d10d5cca0163cad8045857248b175bdf83e7;p=thirdparty%2Fopenssl.git

OSSL_HTTP_proxy_connect(): Fix glitch in response HTTP header parsing

Fixes #17247

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17250)
---

diff --git a/crypto/http/http_client.c b/crypto/http/http_client.c
index a85bfcec42d..b4d42f2eb0b 100644
--- a/crypto/http/http_client.c
+++ b/crypto/http/http_client.c
@@ -1317,7 +1317,7 @@ int OSSL_HTTP_proxy_connect(BIO *bio, const char *server, const char *port,
 
         /* Check for HTTP/1.x */
         mbufp = mbuf;
-        if (!HAS_PREFIX(mbufp, HTTP_PREFIX)) {
+        if (!CHECK_AND_SKIP_PREFIX(mbufp, HTTP_PREFIX)) {
             ERR_raise(ERR_LIB_HTTP, HTTP_R_HEADER_PARSE_ERROR);
             BIO_printf(bio_err, "%s: HTTP CONNECT failed, non-HTTP response\n",
                        prog);
@@ -1335,6 +1335,8 @@ int OSSL_HTTP_proxy_connect(BIO *bio, const char *server, const char *port,
 
         /* RFC 7231 4.3.6: any 2xx status code is valid */
         if (!HAS_PREFIX(mbufp, " 2")) {
+            if (ossl_isspace(*mbufp))
+                mbufp++;
             /* chop any trailing whitespace */
             while (read_len > 0 && ossl_isspace(mbuf[read_len - 1]))
                 read_len--;