curl_easy_escape is limited to 8MB of urlencoded data #6190

Closed
Neurones67 opened this issue Nov 9, 2020 · 4 comments

Comments

@Neurones67
Contributor

Neurones67 commented Nov 9, 2020

Hello,

Since change ed35d65 the function curl_easy_escape fails if the url encoded data grows bigger than 8MB (CURL_MAX_INPUT_LENGTH).

Is it a wanted change? I didn't see any release notes about it.

It should at least be documented. And I think it should be configurable too.

Please advise,

Thank you.

@bagder
Member

bagder commented Nov 9, 2020

If it wasn't mentioned, it was an oversight.

The idea with the limit is to reject strings that are mistakes/abuses, not to prevent any valid use cases. Are you saying that you actually URL encode strings longer than 8 megabytes with curl?

And yes, the limit should be documented clearly!

@Neurones67
Contributor Author

Thanks for your response.

Yes, it happens that we have more than 8MB of data to urlencode. We didn't have this problem earlier until we upgraded the curl version.

I'm considering switching to multipart/form-data, at least for problematic cases, but I have to deal with different curl versions in the production environment (Windows and RedHat), and the API for mime changed in 7.56.0; that's why I didn't do it earlier.

@bagder
Member

bagder commented Nov 9, 2020

Which maximum length would work for you?

You can potentially work around the restriction by doing multiple invokes, to encode 8MB at a time.

(I'll submit a PR for a documentation update regarding this limit.)

bagder added a commit that referenced this issue Nov 9, 2020
for curl_easy_escape and curl_easy_setopt()

The limit is there to catch mistakes and abuse. It is meant to be large
enough to allow virtually all "fine" use cases.

Reported-by: Marc Schlatter
Fixes #6190

@Neurones67
Contributor Author

If we could set up the limit, we would set it to 40MB as it's the limit we set up on the server side.

Yes, that's probably what we will do in the meantime.

Thank you.
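
The multiple-call workaround suggested in this thread, as an added example that is not part of the original discussion or of curl's code. `escape_limited` is a constructed stand-in for `curl_easy_escape` so the block runs without libcurl, and its `limit` parameter stands for the 8MB cap on encoded output described in the report.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for curl_easy_escape() so this runs without libcurl:
   returns NULL once the encoded output exceeds `limit`, as in the report. */
static char *escape_limited(const char *in, size_t len, size_t limit)
{
  static const char hex[] = "0123456789ABCDEF";
  char *out = malloc(len * 3 + 1);
  size_t o = 0;
  if(!out) return NULL;
  for(size_t i = 0; i < len; i++) {
    unsigned char c = (unsigned char)in[i];
    if(isalnum(c) || c == '-' || c == '.' || c == '_' || c == '~')
      out[o++] = (char)c;                      /* unreserved: copied as-is */
    else { out[o++] = '%'; out[o++] = hex[c >> 4]; out[o++] = hex[c & 15]; }
    if(o > limit) { free(out); return NULL; }  /* the cap on encoded size */
  }
  out[o] = '\0';
  return out;
}

/* Bytes are encoded independently, so limit/3-byte chunks fit `limit` even at
   3x growth. With libcurl: curl_easy_escape(curl, in + off, (int)n). */
char *escape_chunked(const char *in, size_t len, size_t limit)
{
  size_t chunk = limit / 3, o = 0;
  char *out = malloc(len * 3 + 1);
  if(!out || !chunk) { free(out); return NULL; }
  for(size_t off = 0; off < len; off += chunk) {
    size_t n = (len - off < chunk) ? len - off : chunk;
    char *part = escape_limited(in + off, n, limit);
    if(!part) { free(out); return NULL; }
    size_t plen = strlen(part);
    memcpy(out + o, part, plen);
    o += plen;
    free(part);
  }
  out[o] = '\0';
  return out;
}

int main(void)
{
  char *e = escape_chunked("a b&c=d/e~f", 11, 9); /* constructed input */
  if(e) puts(e);
  free(e);
}
```

When the stand-in is swapped for the real `curl_easy_escape`, each returned piece is released with `curl_free()` rather than `free()`.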
