From 95765567d0e9dd01a827e8defd423f27d1d03e95 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Mon, 27 Oct 2014 16:08:24 +0100 Subject: [PATCH] HTTP: return larger than 3 digit response codes too HTTP 1.1 is clearly specified to only allow three digit response codes, and libcurl used sscanf("%3d") for that purpose. This made libcurl support smaller numbers but not larger. It does now, but we will not make any specific promises nor document this further since it is going outside of what HTTP is. Bug: http://curl.haxx.se/bug/view.cgi?id=1441 Reported-by: Balaji --- lib/http.c | 9 +++++- tests/data/Makefile.inc | 2 +- tests/data/test1429 | 69 +++++++++++++++++++++++++++++++++++++++++ tests/data/test1430 | 53 +++++++++++++++++++++++++++++++ tests/data/test1431 | 53 +++++++++++++++++++++++++++++++ tests/data/test1432 | 54 ++++++++++++++++++++++++++++++++ tests/data/test1433 | 69 +++++++++++++++++++++++++++++++++++++++++ 7 files changed, 307 insertions(+), 2 deletions(-) create mode 100644 tests/data/test1429 create mode 100644 tests/data/test1430 create mode 100644 tests/data/test1431 create mode 100644 tests/data/test1432 create mode 100644 tests/data/test1433 diff --git a/lib/http.c b/lib/http.c index 3eebe2df1..989e09e20 100644 --- a/lib/http.c +++ b/lib/http.c @@ -3200,8 +3200,15 @@ CURLcode Curl_http_readwrite_headers(struct SessionHandle *data, #endif /* CURL_DOES_CONVERSIONS */ if(conn->handler->protocol & PROTO_FAMILY_HTTP) { + /* + * https://tools.ietf.org/html/rfc7230#section-3.1.2 + * + * The reponse code is always a three-digit number in HTTP as the spec + * says. We try to allow any number here, but we cannot make + * guarantees on future behaviors since it isn't within the protocol. + */ nc = sscanf(HEADER1, - " HTTP/%d.%d %3d", + " HTTP/%d.%d %d", &httpversion_major, &conn->httpversion, &k->httpcode); diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc index 1cf7d9dba..6d21d670b 100644 --- a/tests/data/Makefile.inc +++ b/tests/data/Makefile.inc @@ -142,7 +142,7 @@ test1400 test1401 test1402 test1403 test1404 test1405 test1406 test1407 \ test1408 test1409 test1410 test1411 test1412 test1413 test1414 test1415 \ test1416 test1417 test1418 test1419 test1420 \ \ -test1428 \ +test1428 test1429 test1430 test1431 test1432 test1433 \ \ test1500 test1501 test1502 test1503 test1504 test1505 test1506 test1507 \ test1508 test1509 test1510 test1511 test1512 test1513 test1514 test1515 \ diff --git a/tests/data/test1429 b/tests/data/test1429 new file mode 100644 index 000000000..da09dca48 --- /dev/null +++ b/tests/data/test1429 @@ -0,0 +1,69 @@ + + + +HTTP +HTTP GET + + + + + +HTTP/1.1 1234 OK +Date: Thu, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake +Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT +ETag: "21025-dc7-39462498" +Accept-Ranges: bytes +Content-Length: 6 +Connection: close +Content-Type: text/html +Funny-head: yesyes + +-foo- + + + +# +# Client-side + + +http + + + +HTTP GET with 4-digit reponse code + + +http://%HOSTIP:%HTTPPORT/1429 --write-out '%{response_code}' + + + +# +# Verify data after the test has been "shot" + + +HTTP/1.1 1234 OK +Date: Thu, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake +Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT +ETag: "21025-dc7-39462498" +Accept-Ranges: bytes +Content-Length: 6 +Connection: close +Content-Type: text/html +Funny-head: yesyes + +-foo- +1234 + + +^User-Agent:.* + + +GET /1429 HTTP/1.1 +Host: %HOSTIP:%HTTPPORT +Accept: */* + + + + diff --git a/tests/data/test1430 b/tests/data/test1430 new file mode 100644 index 000000000..c5f65cfc8 --- /dev/null +++ b/tests/data/test1430 @@ -0,0 +1,53 @@ + + + +HTTP +HTTP GET + + + + + +HTTP/1.1 -12 OK +Date: Thu, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake +Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT +ETag: "21025-dc7-39462498" +Accept-Ranges: bytes +Content-Length: 6 +Connection: close +Content-Type: text/html +Funny-head: yesyes + +-foo- + + + +# +# Client-side + + +http + + +HTTP GET with negative reponse code + + +http://%HOSTIP:%HTTPPORT/1430 + + + +# +# Verify data after the test has been "shot" + + +^User-Agent:.* + + +GET /1430 HTTP/1.1 +Host: %HOSTIP:%HTTPPORT +Accept: */* + + + + diff --git a/tests/data/test1431 b/tests/data/test1431 new file mode 100644 index 000000000..4ea33edc2 --- /dev/null +++ b/tests/data/test1431 @@ -0,0 +1,53 @@ + + + +HTTP +HTTP GET + + + + + +HTTP/1.1 2 OK +Date: Thu, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake +Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT +ETag: "21025-dc7-39462498" +Accept-Ranges: bytes +Content-Length: 6 +Connection: close +Content-Type: text/html +Funny-head: yesyes + +-foo- + + + +# +# Client-side + + +http + + +HTTP GET with single-digit reponse code + + +http://%HOSTIP:%HTTPPORT/1431 + + + +# +# Verify data after the test has been "shot" + + +^User-Agent:.* + + +GET /1431 HTTP/1.1 +Host: %HOSTIP:%HTTPPORT +Accept: */* + + + + diff --git a/tests/data/test1432 b/tests/data/test1432 new file mode 100644 index 000000000..eb1d0c2ad --- /dev/null +++ b/tests/data/test1432 @@ -0,0 +1,54 @@ + + + +HTTP +HTTP GET + + + + + +HTTP/1.1 0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789 OK +Date: Thu, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake +Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT +ETag: "21025-dc7-39462498" +Accept-Ranges: bytes +Content-Length: 6 +Connection: close +Content-Type: text/html +Funny-head: yesyes + +-foo- + + + +# +# Client-side + + +http + + + +HTTP GET with 100-digit reponse code and survive + + +http://%HOSTIP:%HTTPPORT/1432 + + + +# +# Verify data after the test has been "shot" + + +^User-Agent:.* + + +GET /1432 HTTP/1.1 +Host: %HOSTIP:%HTTPPORT +Accept: */* + + + + diff --git a/tests/data/test1433 b/tests/data/test1433 new file mode 100644 index 000000000..8634db2c4 --- /dev/null +++ b/tests/data/test1433 @@ -0,0 +1,69 @@ + + + +HTTP +HTTP GET + + + + + +HTTP/1.0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789 200 OK +Date: Thu, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake +Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT +ETag: "21025-dc7-39462498" +Accept-Ranges: bytes +Content-Length: 6 +Connection: close +Content-Type: text/html +Funny-head: yesyes + +-foo- + + + +# +# Client-side + + +http + + + +HTTP GET with 100-digit subversion number in response + + +http://%HOSTIP:%HTTPPORT/1433 --write-out '%{response_code}' + + + +# +# Verify data after the test has been "shot" + + +HTTP/1.0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789 200 OK +Date: Thu, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake +Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT +ETag: "21025-dc7-39462498" +Accept-Ranges: bytes +Content-Length: 6 +Connection: close +Content-Type: text/html +Funny-head: yesyes + +-foo- +200 + + +^User-Agent:.* + + +GET /1433 HTTP/1.1 +Host: %HOSTIP:%HTTPPORT +Accept: */* + + + +