From: petpow@...
Date: 2014-12-11T22:32:27+00:00
Subject: [ruby-core:66791] [ruby-trunk - Bug #10591] [Open] Net::HTTPResponse#read_status_line does not throw Net::HTTPBadResponse with some malformed responses.

Issue #10591 has been reported by Peter Powell.

----------------------------------------
Bug #10591: Net::HTTPResponse#read_status_line does not throw Net::HTTPBadResponse with some malformed responses.
https://bugs.ruby-lang.org/issues/10591

* Author: Peter Powell
* Status: Open
* Priority: Normal
* Assignee: 
* Category: lib
* Target version: 
* ruby -v: ruby 2.1.5p273 (2014-11-13 revision 48405) [x86_64-darwin12.0]
* Backport: 2.0.0: UNKNOWN, 2.1: UNKNOWN
----------------------------------------
The offending line of code appears to be this: https://github.com/ruby/ruby/blob/448c87008e1bc66a93b8f21eedea060f281874a4/lib/net/http/response.rb#L40

The regular expression for matching the status line uses **\s*** to match the space between the response code and message. This is erroneous because when given a malformed status line like **HTTP/1.1 1234** it parses the response code as **123** and the message as **4**.

Reference: http://www.w3.org/Protocols/rfc2616/rfc2616-sec6.html#sec6.1



-- 
https://bugs.ruby-lang.org/