block/curl: HTTP header fields allow whitespace around values

RFC 7230 section 3.2 indicates that whitespace is permitted between the field name and field value and after the field value. Signed-off-by: David Edmondson <david.edmondson@oracle.com> Message-Id: <20200224101310.101169-2-david.edmondson@oracle.com> Reviewed-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Max Reitz <mreitz@redhat.com>
author: David Edmondson <david.edmondson@oracle.com> 2020-02-24 10:13:09 +0000
committer: Max Reitz <mreitz@redhat.com> 2020-03-11 12:42:29 +0100
commit: 7788a319399f17476ff1dd43164c869e320820a2 (patch)
tree: f03728127bec53e96be72d928befac297f1b8d8f
parent: c13de3b32fdeffb3e53494fd7d5cecb67cb65799 (diff)
1 files changed, 27 insertions, 4 deletions
diff --git a/block/curl.c b/block/curl.c
index f86299378e..f9ffb7f4e2 100644
--- a/block/curl.c
+++ b/block/curl.c
@@ -214,11 +214,34 @@ static size_t curl_header_cb(void *ptr, size_t size, size_t nmemb, void *opaque)
 {
     BDRVCURLState *s = opaque;
     size_t realsize = size * nmemb;
-    const char *accept_line = "Accept-Ranges: bytes";
+    const char *header = (char *)ptr;
+    const char *end = header + realsize;
+    const char *accept_ranges = "Accept-Ranges:";
+    const char *bytes = "bytes";
 
-    if (realsize >= strlen(accept_line)
-        && strncmp((char *)ptr, accept_line, strlen(accept_line)) == 0) {
-        s->accept_range = true;
+    if (realsize >= strlen(accept_ranges)
+        && strncmp(header, accept_ranges, strlen(accept_ranges)) == 0) {
+
+        char *p = strchr(header, ':') + 1;
+
+        /* Skip whitespace between the header name and value. */
+        while (p < end && *p && g_ascii_isspace(*p)) {
+            p++;
+        }
+
+        if (end - p >= strlen(bytes)
+            && strncmp(p, bytes, strlen(bytes)) == 0) {
+
+            /* Check that there is nothing but whitespace after the value. */
+            p += strlen(bytes);
+            while (p < end && *p && g_ascii_isspace(*p)) {
+                p++;
+            }
+
+            if (p == end || !*p) {
+                s->accept_range = true;
+            }
+        }
     }
 
     return realsize;
author	David Edmondson <david.edmondson@oracle.com>	2020-02-24 10:13:09 +0000
committer	Max Reitz <mreitz@redhat.com>	2020-03-11 12:42:29 +0100
commit	7788a319399f17476ff1dd43164c869e320820a2 (patch)
tree	f03728127bec53e96be72d928befac297f1b8d8f
parent	c13de3b32fdeffb3e53494fd7d5cecb67cb65799 (diff)