From: Daniel Stenberg Date: Wed, 1 Jun 2022 12:04:17 +0000 (+0200) Subject: headers: handle unfold of space-cleansed headers X-Git-Tag: curl-7_84_0~101 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f810047f9d7a983c4479ae07f79282b7c9b54ccb;p=thirdparty%2Fcurl.git headers: handle unfold of space-cleansed headers Detected by OSS-fuzz Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47767 Updated test 1274 Closes #8947 --- diff --git a/lib/headers.c b/lib/headers.c index c21b9481e3..01af85d2d6 100644 --- a/lib/headers.c +++ b/lib/headers.c @@ -227,8 +227,8 @@ static CURLcode unfold_value(struct Curl_easy *data, const char *value, DEBUGASSERT(data->state.prevhead); hs = data->state.prevhead; olen = strlen(hs->value); - oalloc = olen + strlen(hs->name) + 1; offset = hs->value - hs->buffer; + oalloc = olen + offset + 1; /* skip all trailing space letters */ while(vlen && ISSPACE(value[vlen - 1])) diff --git a/tests/data/test1274 b/tests/data/test1274 index ae29f4899e..21d6f61c04 100644 --- a/tests/data/test1274 +++ b/tests/data/test1274 @@ -19,7 +19,8 @@ Server: test-server/ Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT ETag: "21025-dc7-39462498" Content-Length: 6 -Connection: close +Connection: + close -foo- @@ -58,7 +59,8 @@ Server: test-server/ Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT ETag: "21025-dc7-39462498" Content-Length: 6 -Connection: close +Connection: + close
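Review bot: in the unfold_value() hunk of lib/headers.c, the new `oalloc = olen + offset + 1;` carries no comment saying why the size is now derived from the value's position in the buffer instead of from strlen(hs->name). It also depends on `offset` having been assigned on the line directly above, which is easy to break in a later reorder. Suggest a short comment stating that offset counts every byte of hs->buffer that precedes the value, so that olen + offset + 1 covers the whole stored header (the + 1 presumably being the terminator). Since the allocation size now rests entirely on the pointer subtraction `hs->value - hs->buffer`, a DEBUGASSERT that hs->value is not below hs->buffer would fit next to the existing DEBUGASSERT(data->state.prevhead).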
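Review bot: in tests/data/test1274, both hunks rewrite the existing `Connection: close` line into the folded form rather than adding a new header, so the file no longer contains the plain single-line Connection case and exercises only one shape of a fold that follows an empty first line. Suggest keeping the original line and adding a separate header for the empty-value-then-continuation case, so a regression in either path shows up on its own. The two hunks change the same header in two sections of the file and need to stay identical, which is worth a mention in the test's description.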