From: Henrik Nordstrom <henrik@henriknordstrom.net>
Date: Sat, 8 Oct 2011 18:46:19 +0000 (+0200)
Subject: Properly parse HTTP list headers with embedded 8-bit characters
X-Git-Tag: BumpSslServerFirst.take01~116
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c4b8659776b220d545ecd837c72b06b16a7b7a57;p=thirdparty%2Fsquid.git

Properly parse HTTP list headers with embedded 8-bit characters

MSIE and maybe other browsers sometimes sends 8-bit high characters
in HTTP headers (and URLs). This was mistakenly read as CTL characters
on platforms with signed char type (i.e. x86 etc).

One visible effect of this was that HTTP Digest authentication failed
in MSIE when following a link with embedded 8-bit or UTF-8 characters.
---

diff --git a/src/HttpHeaderTools.cc b/src/HttpHeaderTools.cc
index 4612fc2563..bdbd551a40 100644
--- a/src/HttpHeaderTools.cc
+++ b/src/HttpHeaderTools.cc
@@ -377,9 +377,9 @@ httpHeaderParseQuotedString(const char *start, const int len, String *val)
             }
         }
         end = pos;
-        while (end < (start+len) && *end != '\\' && *end != '\"' && *end > 0x1F && *end != 0x7F)
+        while (end < (start+len) && *end != '\\' && *end != '\"' && (unsigned char)*end > 0x1F && *end != 0x7F)
             end++;
-        if ((*end <= 0x1F && *end != '\r' && *end != '\n') || *end == 0x7F) {
+        if (((unsigned char)*end <= 0x1F && *end != '\r' && *end != '\n') || *end == 0x7F) {
             debugs(66, 2, HERE << "failed to parse a quoted-string header field with CTL octet " << (start-pos)
                    << " bytes into '" << start << "'");
             val->clean();