https://github.com/curl/curl/commit/beb8990d934a01acf103871e463d4e61afc9ded2 From: Daniel Stenberg Date: Fri, 17 Sep 2021 16:31:25 +0200 Subject: [PATCH] http: fix the broken >3 digit response code detection When the "reason phrase" in the HTTP status line starts with a digit, that was treated as the forth response code digit and curl would claim the response to be non-compliant. Added test 1466 to verify this case. Regression brought by 5dc594e44f73b17 Reported-by: Glenn de boer Fixes #7738 Closes #7739 --- a/lib/http.c +++ b/lib/http.c @@ -4232,9 +4232,9 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data, char separator; char twoorthree[2]; int httpversion = 0; - int digit4 = -1; /* should remain untouched to be good */ + char digit4 = 0; nc = sscanf(HEADER1, - " HTTP/%1d.%1d%c%3d%1d", + " HTTP/%1d.%1d%c%3d%c", &httpversion_major, &httpversion, &separator, @@ -4250,13 +4250,13 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data, /* There can only be a 4th response code digit stored in 'digit4' if all the other fields were parsed and stored first, so nc is 5 when - digit4 is not -1 */ - else if(digit4 != -1) { + digit4 a digit */ + else if(ISDIGIT(digit4)) { failf(data, "Unsupported response code in HTTP response"); return CURLE_UNSUPPORTED_PROTOCOL; } - if((nc == 4) && (' ' == separator)) { + if((nc >= 4) && (' ' == separator)) { httpversion += 10 * httpversion_major; switch(httpversion) { case 10: