From b6f20378eecb834ad55e334b0c09624857c7c4e6 Mon Sep 17 00:00:00 2001 From: Stewart Bright Date: Wed, 18 May 2016 15:54:30 -0400 Subject: [PATCH 1/2] Header parsing assumes whitespace after colon RFC7230 (HTTP 1.1) 3.2 "Header fields" specifies that whitespace between colon and value is optional, but http_client_asio::read_headers started reading the value at one after the colon, assuming there would always be exactly one space. --- Release/src/http/client/http_client_asio.cpp | 1 - 1 file changed, 1 deletion(-) diff --git a/Release/src/http/client/http_client_asio.cpp b/Release/src/http/client/http_client_asio.cpp index 44296040e0..a5967127c1 100644 --- a/Release/src/http/client/http_client_asio.cpp +++ b/Release/src/http/client/http_client_asio.cpp @@ -1123,7 +1123,6 @@ class asio_context : public request_context, public std::enable_shared_from_this if (colon != std::string::npos) { auto name = header.substr(0, colon); - auto value = header.substr(colon + 2, header.size() - (colon + 3)); // also exclude '\r' boost::algorithm::trim(name); boost::algorithm::trim(value); From 4f9a55088742568ba58da8ca1d83e5123f0af790 Mon Sep 17 00:00:00 2001 From: Stewart Bright Date: Wed, 18 May 2016 20:57:55 -0400 Subject: [PATCH 2/2] Header parsing assumes whitespace after colon Not sure how, but fix line was deleted rather than committed. --- Release/src/http/client/http_client_asio.cpp | 1 + 1 file changed, 1 insertion(+) diff --git a/Release/src/http/client/http_client_asio.cpp b/Release/src/http/client/http_client_asio.cpp index a5967127c1..a884099032 100644 --- a/Release/src/http/client/http_client_asio.cpp +++ b/Release/src/http/client/http_client_asio.cpp @@ -1123,6 +1123,7 @@ class asio_context : public request_context, public std::enable_shared_from_this if (colon != std::string::npos) { auto name = header.substr(0, colon); + auto value = header.substr(colon + 1, header.size() - colon - 2); boost::algorithm::trim(name); boost::algorithm::trim(value);