#5159 http assumes status line is a proper tcl list

[Jeff Rogers]

The http package implicitly assumes that the response status line is a proper tcl list. The http specification does not guarantee this:
Status-Line = HTTP-Version SP Status-Code SP Reason-Phrase CRLF
Reason-Phrase = *<TEXT, excluding CR, LF>

If the http status like is, for example
HTTP/1.0 200 This server is "ok", for now
http::geturl will choke on it with an error like

list element in quotes followed by "," instead of space
while executing
"lindex $state(http) 1"
(procedure "http::Event" line 26)
invoked from within
"http::Event sock6 ::http::2"

The line at fault appears to be
if {$state(http) == "" || [lindex $state(http) 1] == 100} {

Changing that to
if {$state(http) == "" || [string is list $state(http)] && [lindex $state(http) 1] == 100} {

would fix this error, although it might then miss the "100 Continue" status it was looking for.

[Donal K. Fellows]

It would be more elegant to parse the first line properly according to the spec (version id <SPACE> code <SPACE> arbitrary string <EOL>) as that avoids other problems. Probably also ought to check that the version id is something we grok, to avoid the weird problems documented in another bug report (whose number I forget) where the server didn't bother to send back any HTTP headers at all...

Which version of Tcl (or the http package) is this a bug report for?

[Jeff Rogers]

I initially encountered this problem with tcl 8.5/http 2.7.2, but it still occurs with tcl 8.6/http 2.8.4.

[Serg G. Brester]

Sorry, I've already fixed this problem for me in 8.5, but forgot it to announce...
Patch for http 2.7.10 is attached...

[Serg G. Brester]

HTTP Status-Code patch

[Serg G. Brester]

If we are talking about the topic of HTTP, I had still an issue with KeepAlive (and forget as well to annonce you the patch). Unfortunately, I have no test case for this. But it is understandable by patch.
see bug 3599789

[Jan Nijtmans]

Fixed in core-8-5-branch and trunk