From 6f9fb7ec2d7cb389a0da5a1d0617ce592115a6a8 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Mon, 5 Sep 2022 23:21:15 +0200 Subject: misc: ISSPACE() => ISBLANK() Instances of ISSPACE() use that should rather use ISBLANK(). I think somewhat carelessly used because it sounds as if it checks for space or whitespace, but also includes %0a to %0d. For parsing purposes, we should only accept what we must and not be overly liberal. It leads to surprises and surprises lead to bad things. Closes #9432 --- lib/http_negotiate.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/http_negotiate.c') diff --git a/lib/http_negotiate.c b/lib/http_negotiate.c index 0ac4ead09..5909f85b0 100644 --- a/lib/http_negotiate.c +++ b/lib/http_negotiate.c @@ -84,7 +84,7 @@ CURLcode Curl_input_negotiate(struct Curl_easy *data, struct connectdata *conn, /* Obtain the input token, if any */ header += strlen("Negotiate"); - while(*header && ISSPACE(*header)) + while(*header && ISBLANK(*header)) header++; len = strlen(header); -- cgit v1.2.1