From: Daniel Stenberg <daniel@haxx.se>
Date: Tue, 13 May 2025 09:19:40 +0000 (+0200)
Subject: headers: set an error message on illegal response headers
X-Git-Tag: curl-8_14_0~91
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a8b947e7f4d6e26bdcc0d2226237b206a437109b;p=thirdparty%2Fcurl.git

headers: set an error message on illegal response headers

Makes it report "Invalid response header" instead of the slightly odd "A
libcurl function was given a bad argument".

Add test 749 and 750 for more CONNECT response testing.

Reported-by: Int64x86 on github
Fixes #17330
Closes #17336
---

diff --git a/lib/headers.c b/lib/headers.c
index 9f522ecc13..ec3ac7473c 100644
--- a/lib/headers.c
+++ b/lib/headers.c
@@ -336,8 +336,10 @@ CURLcode Curl_headers_push(struct Curl_easy *data, const char *header,
     Curl_llist_append(&data->state.httphdrs, hs, &hs->node);
     data->state.prevhead = hs;
   }
-  else
+  else {
+    failf(data, "Invalid response header");
     free(hs);
+  }
   return result;
 }
 
diff --git a/tests/data/Makefile.am b/tests/data/Makefile.am
index f84eb8461d..33ba9b5b17 100644
--- a/tests/data/Makefile.am
+++ b/tests/data/Makefile.am
@@ -107,7 +107,7 @@ test709 test710 test711 test712 test713 test714 test715 test716 test717 \
 test718 test719 test720 test721 test722 test723 test724 test725 test726 \
 test727 test728 test729 test730 test731 test732 test733 test734 test735 \
 test736 test737 test738 test739 test740 test741 test742 test743 test744 \
-test745 test746 test747 test748 \
+test745 test746 test747 test748 test749 test750 \
 \
 test780 test781 test782 test783 test784 test785 test786 test787 test788 \
 test789 test790 test791 \
diff --git a/tests/data/test749 b/tests/data/test749
new file mode 100644
index 0000000000..68439f90cb
--- /dev/null
+++ b/tests/data/test749
@@ -0,0 +1,61 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP GET
+HTTP CONNECT
+HTTP proxy
+proxytunnel
+</keywords>
+</info>
+
+# Server-side
+<reply>
+
+# this is returned first since we get no proxy-auth
+<connect>
+HTTP/1.1 400 Bad request
+Connection: close
+
+</connect>
+
+<datacheck crlf="yes">
+HTTP/1.1 400 Bad request
+Connection: close
+
+</datacheck>
+</reply>
+
+# Client-side
+<client>
+<server>
+http
+</server>
+<features>
+proxy
+</features>
+<name>
+HTTP CONNECT with proxy returning 400 and closing
+</name>
+<command>
+http://test.example --proxy http://%HOSTIP:%HTTPPORT --proxytunnel -sS
+</command>
+</client>
+
+# Verify data after the test has been "shot"
+<verify>
+<protocol crlf="yes">
+CONNECT test.example:80 HTTP/1.1
+Host: test.example:80
+User-Agent: curl/%VERSION
+Proxy-Connection: Keep-Alive
+
+</protocol>
+<errorcode>
+56
+</errorcode>
+<stderr mode="text">
+curl: (56) CONNECT tunnel failed, response 400
+</stderr>
+</verify>
+</testcase>
diff --git a/tests/data/test750 b/tests/data/test750
new file mode 100644
index 0000000000..7acc8d3181
--- /dev/null
+++ b/tests/data/test750
@@ -0,0 +1,57 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP GET
+HTTP CONNECT
+HTTP proxy
+proxytunnel
+</keywords>
+</info>
+
+# Server-side
+<reply>
+
+# this is returned first since we get no proxy-auth
+<connect>
+<html>
+<h1>400 Bad request</h1>
+swsclose
+</html>
+</connect>
+
+</reply>
+
+# Client-side
+<client>
+<server>
+http
+</server>
+<features>
+proxy
+</features>
+<name>
+HTTP CONNECT with proxy returning just HTML and closing
+</name>
+<command>
+http://test.example --proxy http://%HOSTIP:%HTTPPORT --proxytunnel -sS
+</command>
+</client>
+
+# Verify data after the test has been "shot"
+<verify>
+<protocol crlf="yes">
+CONNECT test.example:80 HTTP/1.1
+Host: test.example:80
+User-Agent: curl/%VERSION
+Proxy-Connection: Keep-Alive
+
+</protocol>
+<errorcode>
+43
+</errorcode>
+<stderr mode="text">
+curl: (43) Invalid response header
+</stderr>
+</verify>
+</testcase>