Fix handling of garbage data sent by the HTTP server instead of a

proper HTTP reply.

If the server's reply doesn't start with "HTTP/", then the reply is
not valid. This could happen if we connected via HTTP to an HTTPS
server. It could also happen with an Icecast server (reply ICY/x.y).

Task-number: 248838
Reviewed-by: Markus Goetz

1 files changed, 10 insertions, 1 deletions

diff --git a/src/network/access/qhttpnetworkreply.cpp b/src/network/access/qhttpnetworkreply.cpp
index fe3f6af..1b41e1e 100644
--- a/src/network/access/qhttpnetworkreply.cpp
+++ b/src/network/access/qhttpnetworkreply.cpp
@@ -409,6 +409,9 @@ qint64 QHttpNetworkReplyPrivate::readStatus(QAbstractSocket *socket)
             if (fragment.endsWith('\r')) {
                 fragment.truncate(fragment.length()-1);
             }
+            if (!fragment.startsWith("HTTP/"))
+                return -1;
+
             parseStatus(fragment);
             state = ReadingHeaderState;
             fragment.clear(); // next fragment
@@ -418,7 +421,13 @@ qint64 QHttpNetworkReplyPrivate::readStatus(QAbstractSocket *socket)
             bytes += socket->read(&c, 1);
             fragment.append(c);
         }
+
+        // is this a valid reply?
+        if (fragment.length() >= 5 && !fragment.startsWith("HTTP/"))
+            return -1;
+
     }
+
     return bytes;
 }
 
@@ -660,4 +669,4 @@ void QHttpNetworkReply::ignoreSslErrors()
 
 QT_END_NAMESPACE
 
-#endif // QT_NO_HTTP
\ No newline at end of file
+#endif // QT_NO_HTTP