mirror/curl
2
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2024-11-27 05:50:21 +08:00
Code Issues Packages Projects Releases Wiki Activity

hsts: support "implied LWS" properly around max-age

Browse Source 
Adjust test 780 to verify.

Reported-by: newfunction
Closes #15330
This commit is contained in:
Daniel Stenberg 2024-10-18 09:38:13 +02:00
parent 288cfcbe38
commit 5ea61a0b54
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
2 changed files with 9 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
lib/hsts.c
View File

@ -159,7 +159,7 @@ CURLcode Curl_hsts_parse(struct hsts *h, const char *hostname,
do {
while(*p && ISBLANK(*p))
p++;
if(strncasecompare("max-age=", p, 8)) {
if(strncasecompare("max-age", p, 7)) {
bool quoted = FALSE;
CURLofft offt;
char *endp;
@ -167,9 +167,14 @@ CURLcode Curl_hsts_parse(struct hsts *h, const char *hostname,
if(gotma)
return CURLE_BAD_FUNCTION_ARGUMENT;
p += 8;
p += 7;
while(*p && ISBLANK(*p))
p++;
if(*p++ != '=')
return CURLE_BAD_FUNCTION_ARGUMENT;
while(*p && ISBLANK(*p))
p++;
if(*p == '\"') {
p++;
quoted = TRUE;

4
tests/data/test780
View File

@ -22,7 +22,7 @@ Date: Tue, 09 Nov 2010 14:49:00 GMT
Server: test-server/fake swsclose
Content-Type: text/html
Funny-head: yesyes
Strict-Transport-Security: max-age=1000
Strict-Transport-Security: max-age = 1000
</data>
</reply>
@ -68,7 +68,7 @@ Date: Tue, 09 Nov 2010 14:49:00 GMT
Server: test-server/fake swsclose
Content-Type: text/html
Funny-head: yesyes
Strict-Transport-Security: max-age=1000
Strict-Transport-Security: max-age = 1000
</stdout>