Upstream: check format of CGI Status header

The CGI Status header is used as the HTTP status line if it has a
reason-phrase: its length should be > 3.

This change validates that the 4th character is a space, the only
allowed character in that position.

An addition to:
fa46a57199

src/http/modules/ngx_http_fastcgi_module.c

@@ -2049,7 +2049,7 @@ ngx_http_fastcgi_process_header(ngx_http_request_t *r)
 
                     u->headers_in.status_n = status;
 
-                    if (status_line->len > 3) {
+                    if (status_line->len > 3 && status_line->data[3] == ' ') {
                         u->headers_in.status_line = *status_line;
                     }
 

src/http/modules/ngx_http_scgi_module.c

@@ -1154,7 +1154,7 @@ ngx_http_scgi_process_header(ngx_http_request_t *r)
 
                 u->headers_in.status_n = status;
 
-                if (status_line->len > 3) {
+                if (status_line->len > 3 && status_line->data[3] == ' ') {
                     u->headers_in.status_line = *status_line;
                 }
 

src/http/modules/ngx_http_uwsgi_module.c

@@ -1382,7 +1382,7 @@ ngx_http_uwsgi_process_header(ngx_http_request_t *r)
 
                 u->headers_in.status_n = status;
 
-                if (status_line->len > 3) {
+                if (status_line->len > 3 && status_line->data[3] == ' ') {
                     u->headers_in.status_line = *status_line;
                 }