Index: net/http/http_response_headers.cc |
diff --git a/net/http/http_response_headers.cc b/net/http/http_response_headers.cc |
index 69a0aa854440630fffd7572b9fc23250718c6047..0beb89927544a99b62cc58bd0fc50bafd803ac73 100644 |
--- a/net/http/http_response_headers.cc |
+++ b/net/http/http_response_headers.cc |
@@ -628,7 +628,7 @@ HttpVersion HttpResponseHeaders::ParseVersion( |
std::string::const_iterator p = line_begin; |
// RFC2616 sec 3.1: HTTP-Version = "HTTP" "/" 1*DIGIT "." 1*DIGIT |
- // TODO: (1*DIGIT apparently means one or more digits, but we only handle 1). |
+ // 1*DIGIT means one or more digits. |
// TODO: handle leading zeros, which is allowed by the rfc1616 sec 3.1. |
if ((line_end - p < 4) || !LowerCaseEqualsASCII(p, p + 4, "http")) { |
@@ -649,16 +649,42 @@ HttpVersion HttpResponseHeaders::ParseVersion( |
return HttpVersion(); |
} |
- ++p; // from / to first digit. |
- ++dot; // from . to second digit. |
+ ++p; // from / to dot digits. |
- if (!(*p >= '0' && *p <= '9' && *dot >= '0' && *dot <= '9')) { |
+ std::string::const_iterator version_major = p; |
+ // std::string version_major = ""; |
+ for (; version_major != dot; ++version_major) { |
+ if (!(*version_major >= '0' && *version_major <= '9')) { |
+ DVLOG(1) << "malformed version number"; |
+ return HttpVersion(); |
+ } |
+ } |
+ |
+ ++dot; // from . to end digits. |
+ |
+ if (!(*dot >= '0' && *dot <= '9')) { |
+ DVLOG(1) << "malformed version number"; |
+ return HttpVersion(); |
+ } |
+ |
+ // std::string version_minor = ""; |
+ std::string::const_iterator version_minor = dot; |
+ for (; (*version_minor >= '0' && *version_minor <= '9'); ++version_minor) { |
+ // version_minor += *dot; |
+ } |
+ uint major_version_number, minor_version_number; |
+ if (!base::StringToUint(StringPiece(p, version_major), &major_version_number)) |
+ return HttpVersion(); |
+ if (!base::StringToUint(StringPiece(dot, version_minor), |
+ &minor_version_number)) |
+ return HttpVersion(); |
+ if (major_version_number > UINT16_MAX || minor_version_number > UINT16_MAX) { |
DVLOG(1) << "malformed version number"; |
return HttpVersion(); |
} |
- uint16 major = *p - '0'; |
- uint16 minor = *dot - '0'; |
+ uint16 major = static_cast<uint16>(major_version_number); |
+ uint16 minor = static_cast<uint16>(minor_version_number); |
return HttpVersion(major, minor); |
} |