Blame SOURCES/wget-1.14-CVE-2018-0494.patch
|
 |
87e294 |
diff --git a/src/http.c b/src/http.c
|
|
|
87e294 |
index b45c404..aa4fd25 100644
|
|
|
87e294 |
--- a/src/http.c
|
|
|
87e294 |
+++ b/src/http.c
|
|
|
87e294 |
@@ -605,9 +605,9 @@ struct response {
|
|
|
87e294 |
resp_header_*. */
|
|
|
87e294 |
|
|
|
87e294 |
static struct response *
|
|
|
87e294 |
-resp_new (const char *head)
|
|
|
87e294 |
+resp_new (char *head)
|
|
|
87e294 |
{
|
|
|
87e294 |
- const char *hdr;
|
|
|
87e294 |
+ char *hdr;
|
|
|
87e294 |
int count, size;
|
|
|
87e294 |
|
|
|
87e294 |
struct response *resp = xnew0 (struct response);
|
|
|
87e294 |
@@ -636,15 +636,23 @@ resp_new (const char *head)
|
|
|
87e294 |
break;
|
|
|
87e294 |
|
|
|
87e294 |
/* Find the end of HDR, including continuations. */
|
|
|
87e294 |
- do
|
|
|
87e294 |
+ for (;;)
|
|
|
87e294 |
{
|
|
|
87e294 |
- const char *end = strchr (hdr, '\n');
|
|
|
87e294 |
+ char *end = strchr (hdr, '\n');
|
|
|
87e294 |
+
|
|
|
87e294 |
if (end)
|
|
|
87e294 |
hdr = end + 1;
|
|
|
87e294 |
else
|
|
|
87e294 |
hdr += strlen (hdr);
|
|
|
87e294 |
+
|
|
|
87e294 |
+ if (*hdr != ' ' && *hdr != '\t')
|
|
|
87e294 |
+ break;
|
|
|
87e294 |
+
|
|
|
87e294 |
+ // continuation, transform \r and \n into spaces
|
|
|
87e294 |
+ *end = ' ';
|
|
|
87e294 |
+ if (end > head && end[-1] == '\r')
|
|
|
87e294 |
+ end[-1] = ' ';
|
|
|
87e294 |
}
|
|
|
87e294 |
- while (*hdr == ' ' || *hdr == '\t');
|
|
|
87e294 |
}
|
|
|
87e294 |
DO_REALLOC (resp->headers, size, count + 1, const char *);
|
|
|
87e294 |
resp->headers[count] = NULL;
|