diff options
| author | Daniel Stenberg <daniel@haxx.se> | 2022-09-09 12:46:01 +0200 |
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2022-09-09 15:02:15 +0200 |
| commit | 279f638b749aad77323edc1ddeab9f70e9903110 (patch) | |
| tree | ed36e87e5e5e9db55c63c8279640ffc12b986559 /lib/strtoofft.c | |
| parent | 9c9e83931efba38817f40c1571ac7e84935ab3fd (diff) | |
| download | curl-279f638b749aad77323edc1ddeab9f70e9903110.tar.gz | |
strtoofft: after space, there cannot be a control code
With the change from ISSPACE() to ISBLANK() this function no longer
deals with (ignores) control codes the same way, which could lead to
this function returning unexpected values like in the case of
"Content-Length: \r-12354".
Follow-up to 6f9fb7ec2d7cb389a0da5
Detected by OSS-fuzz
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51140
Assisted-by: Max Dymond
Closes #9458
Diffstat (limited to 'lib/strtoofft.c')
| -rw-r--r-- | lib/strtoofft.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/strtoofft.c b/lib/strtoofft.c index 83dea5c4b..30deb8c05 100644 --- a/lib/strtoofft.c +++ b/lib/strtoofft.c @@ -224,7 +224,7 @@ CURLofft curlx_strtoofft(const char *str, char **endp, int base, while(*str && ISBLANK(*str)) str++; - if('-' == *str) { + if(('-' == *str) || (ISSPACE(*str))) { if(endp) *endp = (char *)str; /* didn't actually move */ return CURL_OFFT_INVAL; /* nothing parsed */ |