Fix this to handle "\0"-terminated status lines (eg, from WebDAV

	* libsoup/soup-headers.c (soup_headers_parse_status_line): Fix
	this to handle "\0"-terminated status lines (eg, from WebDAV
	responses), like the docs say it does. #406997
	(soup_headers_parse): Balance that out by rejecting internal "\0"s
	here.
	(soup_headers_parse_request, soup_headers_parse_response): Update
	docs to warn that @dest may be modified even on error. (This was
	always true, it just wasn't documented.)

svn path=/trunk/; revision=909

diff --git a/ChangeLog b/ChangeLog
index 6bba807..5530631 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,14 @@
+2007-02-12  Dan Winship  <danw@novell.com>
+
+       * libsoup/soup-headers.c (soup_headers_parse_status_line): Fix
+       this to handle "\0"-terminated status lines (eg, from WebDAV
+       responses), like the docs say it does. #406997
+       (soup_headers_parse): Balance that out by rejecting internal "\0"s
+       here.
+       (soup_headers_parse_request, soup_headers_parse_response): Update
+       docs to warn that @dest may be modified even on error. (This was
+       always true, it just wasn't documented.)
+
 2007-01-16  Dan Winship  <danw@novell.com>
 
        * tests/header-parsing.c (do_request_tests, do_response_tests):

diff --git a/libsoup/soup-headers.c b/libsoup/soup-headers.c
index 3467132..7c6122c 100644 (file)
--- a/libsoup/soup-headers.c
+++ b/libsoup/soup-headers.c
@@ -23,6 +23,13 @@ soup_headers_parse (const char *str,
        char *name, *value, *eol, *sol;
        GSList *hdrs;
 
+       /* Technically, the grammar does allow NUL bytes in the
+        * headers, but this is probably a bug, and if it's not, we
+        * can't deal with them anyway.
+        */
+       if (memchr (str, '\0', len))
+               return FALSE;
+
        /* As per RFC 2616 section 19.3, we treat '\n' as the
         * line terminator, and '\r', if it appears, merely as
         * ignorable trailing whitespace.
@@ -107,6 +114,8 @@ soup_headers_parse (const char *str,
  * Parses the headers of an HTTP request in @str and stores the
  * results in @req_method, @req_path, @ver, and @dest.
  *
+ * Beware that @dest may be modified even on failure.
+ *
  * Return value: success or failure.
  **/
 gboolean
@@ -197,7 +206,7 @@ soup_headers_parse_request (const char       *str,
  *
  * Parses the HTTP Status-Line string in @status_line into @ver,
  * @status_code, and @reason_phrase. @status_line must be terminated by
- * either '\0' or '\r\n'.
+ * either "\0" or "\r\n".
  *
  * Return value: %TRUE if @status_line was parsed successfully.
  **/
@@ -235,9 +244,7 @@ soup_headers_parse_status_line (const char       *status_line,
        phrase_start = code_end;
        while (*phrase_start == ' ' || *phrase_start == '\t')
                phrase_start++;
-       phrase_end = strchr (phrase_start, '\n');
-       if (!phrase_end)
-               return FALSE;
+       phrase_end = phrase_start + strcspn (phrase_start, "\n");
        while (phrase_end > phrase_start &&
               (phrase_end[-1] == '\r' || phrase_end[-1] == ' ' || phrase_end[-1] == '\t'))
                phrase_end--;
@@ -260,6 +267,8 @@ soup_headers_parse_status_line (const char       *status_line,
  * Parses the headers of an HTTP response in @str and stores the
  * results in @ver, @status_code, @reason_phrase, and @dest.
  *
+ * Beware that @dest may be modified even on failure.
+ *
  * Return value: success or failure.
  **/
 gboolean