From 5ea61a0b546fb054459384b2a225e9dd774088de Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Fri, 18 Oct 2024 09:38:13 +0200 Subject: [PATCH] hsts: support "implied LWS" properly around max-age Adjust test 780 to verify. Reported-by: newfunction Closes #15330 --- lib/hsts.c | 9 +++++++-- tests/data/test780 | 4 ++-- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/lib/hsts.c b/lib/hsts.c index 12052ce53c..5b0137263b 100644 --- a/lib/hsts.c +++ b/lib/hsts.c @@ -159,7 +159,7 @@ CURLcode Curl_hsts_parse(struct hsts *h, const char *hostname, do { while(*p && ISBLANK(*p)) p++; - if(strncasecompare("max-age=", p, 8)) { + if(strncasecompare("max-age", p, 7)) { bool quoted = FALSE; CURLofft offt; char *endp; @@ -167,9 +167,14 @@ CURLcode Curl_hsts_parse(struct hsts *h, const char *hostname, if(gotma) return CURLE_BAD_FUNCTION_ARGUMENT; - p += 8; + p += 7; while(*p && ISBLANK(*p)) p++; + if(*p++ != '=') + return CURLE_BAD_FUNCTION_ARGUMENT; + while(*p && ISBLANK(*p)) + p++; + if(*p == '\"') { p++; quoted = TRUE; diff --git a/tests/data/test780 b/tests/data/test780 index 3db14d193d..cdb8b711f7 100644 --- a/tests/data/test780 +++ b/tests/data/test780 @@ -22,7 +22,7 @@ Date: Tue, 09 Nov 2010 14:49:00 GMT Server: test-server/fake swsclose Content-Type: text/html Funny-head: yesyes -Strict-Transport-Security: max-age=1000 +Strict-Transport-Security: max-age = 1000 @@ -68,7 +68,7 @@ Date: Tue, 09 Nov 2010 14:49:00 GMT Server: test-server/fake swsclose Content-Type: text/html Funny-head: yesyes -Strict-Transport-Security: max-age=1000 +Strict-Transport-Security: max-age = 1000 -- 2.47.3
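Review bot: The shortened comparison `strncasecompare("max-age", p, 7)` in the first lib/hsts.c hunk is now a prefix match, so any directive whose name merely starts with max-age (constructed example: `max-agex=1`) enters this branch and then fails the `'='` check added in the second hunk with CURLE_BAD_FUNCTION_ARGUMENT. Before this change such a name did not match the 8-byte `max-age=` test and was presumably left to the directive handling outside the hunk, so a response carrying it would now have the whole header rejected and its HSTS policy not recorded. Consider requiring a delimiter after the name: `if(strncasecompare("max-age", p, 7) && (p[7] == '=' || ISBLANK(p[7]))) {`. Reading p[7] is safe because seven bytes have already matched. Curl_hsts_parse begins and ends outside the hunk.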
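Review bot: The new `if(*p++ != '=')` return in the second lib/hsts.c hunk has no comment, and the rule it enforces is not obvious from the code: blanks are accepted on both sides of `=`, and a max-age name with no `=` fails the whole header instead of being skipped. I would add above the first blank-skipping loop `/* "implied LWS": allow blanks before and after '='; a missing '=' rejects the header */`. The post-increment inside the comparison is harmless only because the function returns on mismatch, which is worth stating if the error path is ever changed to continue parsing. The enclosing function continues outside the hunk.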
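Review bot: Both response headers in tests/data/test780 (the hunks at lines 22 and 68) are switched to `max-age = 1000`, so this test no longer exercises the compact `max-age=1000` form. Nothing in the patch covers the new rejection path for a max-age name without `=` either. If no other test keeps the compact form, leave one of the two headers unchanged, and add a separate case with a header lacking `=` to pin the CURLE_BAD_FUNCTION_ARGUMENT result. Whether existing tests already cover either case cannot be seen from this patch.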