The rpki-client http client uses http_get_line to get a single header line. For field lines (fancy RFC term for the headers) any space at the end of the line should be stripped. For status lines the situation is a bit more special but our code does not depend on the space after the status code. Finally chunk headers also use http_get_line and there because of chunk extensions the white space situation is unclear but stripping any space should not matter. The code only needs to parse the chunk size at the start of the line. Also the spec allows for bad spaces in the chunk extensions. Because of this relax the end of token check a bit.
So in short the first hunk removes any whitespace (space or tab) from the end of a line and the second hunk adjusts the code to find the end of the chunk-size. There is no need to check for '\n' or '\r' instead check for ' ' and '\t'. -- :wq Claudio Index: http.c =================================================================== RCS file: /cvs/src/usr.sbin/rpki-client/http.c,v retrieving revision 1.66 diff -u -p -r1.66 http.c --- http.c 8 Sep 2022 09:48:02 -0000 1.66 +++ http.c 8 Sep 2022 11:16:14 -0000 @@ -1273,8 +1273,10 @@ http_get_line(struct http_connection *co return NULL; len = end - conn->buf; - while (len > 0 && conn->buf[len - 1] == '\r') + while (len > 0 && (conn->buf[len - 1] == '\r' || + conn->buf[len - 1] == ' ' || conn->buf[len - 1] == '\t')) --len; + if ((line = strndup(conn->buf, len)) == NULL) err(1, NULL); @@ -1304,7 +1306,7 @@ http_parse_chunked(struct http_connectio return 1; /* strip CRLF and any optional chunk extension */ - header[strcspn(header, ";\r\n")] = '\0'; + header[strcspn(header, "; \t")] = '\0'; errno = 0; chunksize = strtoul(header, &end, 16); if (header[0] == '\0' || *end != '\0' || (errno == ERANGE &&