The rpki-client http client uses http_get_line to get a single header
line. For field lines (fancy RFC term for the headers) any space at the
end of the line should be stripped. For status lines the situation is a
bit more special but our code does not depend on the space after the
status code. Finally chunk headers also use http_get_line and there
because of chunk extensions the white space situation is unclear but
stripping any space should not matter. The code only needs to parse the
chunk size at the start of the line. Also the spec allows for bad spaces
in the chunk extensions. Because of this relax the end of token check a
bit.
So in short the first hunk removes any whitespace (space or tab) from the
end of a line and the second hunk adjusts the code to find the end of the
chunk-size. There is no need to check for '\n' or '\r' instead check for
' ' and '\t'.
--
:wq Claudio
Index: http.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/http.c,v
retrieving revision 1.66
diff -u -p -r1.66 http.c
--- http.c 8 Sep 2022 09:48:02 -0000 1.66
+++ http.c 8 Sep 2022 11:16:14 -0000
@@ -1273,8 +1273,10 @@ http_get_line(struct http_connection *co
return NULL;
len = end - conn->buf;
- while (len > 0 && conn->buf[len - 1] == '\r')
+ while (len > 0 && (conn->buf[len - 1] == '\r' ||
+ conn->buf[len - 1] == ' ' || conn->buf[len - 1] == '\t'))
--len;
+
if ((line = strndup(conn->buf, len)) == NULL)
err(1, NULL);
@@ -1304,7 +1306,7 @@ http_parse_chunked(struct http_connectio
return 1;
/* strip CRLF and any optional chunk extension */
- header[strcspn(header, ";\r\n")] = '\0';
+ header[strcspn(header, "; \t")] = '\0';
errno = 0;
chunksize = strtoul(header, &end, 16);
if (header[0] == '\0' || *end != '\0' || (errno == ERANGE &&
