From b1a7b11aea32a39a4f3a82f624fb24b37ee03af6 Mon Sep 17 00:00:00 2001
From: Daniel Roethlisberger <daniel@roe.ch>
Date: Tue, 28 Oct 2014 23:31:07 +0100
Subject: [PATCH] Don't depend on the space when parsing HTTP headers

---
 NEWS      |  5 +++--
 pxyconn.c | 24 ++++++++++++------------
 2 files changed, 15 insertions(+), 14 deletions(-)

diff --git a/NEWS b/NEWS
index 52ddb14..0db7555 100644
--- a/NEWS
+++ b/NEWS
@@ -7,10 +7,11 @@
 -   Support pf on Mac OS X 10.10 Yosemite and fix segmentation fault if
     no NAT engine is available (pull req #32 by @landonf).
 -   Support DESTDIR and MANDIR in the build (pull req #34 by @swills).
--   SSLsplit no longer chroot()s to /var/empty by default if run by root,
-    in order to prevent breaking -S and sni proxyspecs (issue #21).
+-   No longer chroot() to /var/empty by default if run by root, in order to
+    prevent breaking -S and sni proxyspecs (issue #21).
 -   Load -t certificates before dropping privileges (issues #19 and #20).
 -   Fix segmentation fault when using -t without a CA.
+-   Minor bugfixes and improvements.
 
 
 ### SSLsplit 0.4.8 2014-01-15
diff --git a/pxyconn.c b/pxyconn.c
index fb2e9b7..192a6a5 100644
--- a/pxyconn.c
+++ b/pxyconn.c
@@ -991,27 +991,27 @@ pxy_http_reqhdr_filter_line(const char *line, pxy_conn_ctx_t *ctx)
 		/* not first line */
 		char *newhdr;
 
-		if (!ctx->http_host && !strncasecmp(line, "Host: ", 6)) {
-			ctx->http_host = strdup(util_skipws(line + 6));
+		if (!ctx->http_host && !strncasecmp(line, "Host:", 5)) {
+			ctx->http_host = strdup(util_skipws(line + 5));
 			if (!ctx->http_host) {
 				ctx->enomem = 1;
 				return NULL;
 			}
-		} else if (!strncasecmp(line, "Content-Type: ", 14)) {
-			ctx->http_content_type = strdup(util_skipws(line + 14));
+		} else if (!strncasecmp(line, "Content-Type:", 13)) {
+			ctx->http_content_type = strdup(util_skipws(line + 13));
 			if (!ctx->http_content_type) {
 				ctx->enomem = 1;
 				return NULL;
 			}
-		} else if (!strncasecmp(line, "Connection: ", 12)) {
+		} else if (!strncasecmp(line, "Connection:", 11)) {
 			ctx->sent_http_conn_close = 1;
 			if (!(newhdr = strdup("Connection: close"))) {
 				ctx->enomem = 1;
 				return NULL;
 			}
 			return newhdr;
-		} else if (!strncasecmp(line, "Accept-Encoding: ", 17) ||
-		           !strncasecmp(line, "Keep-Alive: ", 12)) {
+		} else if (!strncasecmp(line, "Accept-Encoding:", 16) ||
+		           !strncasecmp(line, "Keep-Alive:", 11)) {
 			return NULL;
 		} else if (line[0] == '\0') {
 			ctx->seen_req_header = 1;
@@ -1076,16 +1076,16 @@ pxy_http_resphdr_filter_line(const char *line, pxy_conn_ctx_t *ctx)
 	} else {
 		/* not first line */
 		if (!ctx->http_content_length &&
-		    !strncasecmp(line, "Content-Length: ", 16)) {
+		    !strncasecmp(line, "Content-Length:", 15)) {
 			ctx->http_content_length =
-				strdup(util_skipws(line + 16));
+				strdup(util_skipws(line + 15));
 			if (!ctx->http_content_length) {
 				ctx->enomem = 1;
 				return NULL;
 			}
-		} else if (!strncasecmp(line, "Public-Key-Pins: ", 17) ||
-		    !strncasecmp(line, "Public-Key-Pins-Report-Only: ", 29) ||
-		    !strncasecmp(line, "Alternate-Protocol: ", 20)) {
+		} else if (!strncasecmp(line, "Public-Key-Pins:", 16) ||
+		    !strncasecmp(line, "Public-Key-Pins-Report-Only:", 28) ||
+		    !strncasecmp(line, "Alternate-Protocol:", 19)) {
 			return NULL;
 		} else if (line[0] == '\0') {
 			ctx->seen_resp_header = 1;