curl-and-python
Re: aborting a transaction
From: Daniel Stenberg <daniel_at_haxx.se>
Date: Wed, 23 Sep 2009 23:22:09 +0200 (CEST)
Date: Wed, 23 Sep 2009 23:22:09 +0200 (CEST)
On Wed, 23 Sep 2009, johansen_at_sun.com wrote:
>> arguably you could be handed an endless header and obliterate all memory. I
>> put a configurable max header size (default to 2mb) in place and work from
>> there.
>
> Is this actually a case that we can hit if the client hasn't installed a
> HEADERFUNCTION? I'm a bit surprised that curl would hold onto all of the
> headers, instead of just extracting the ones that it cares about.
It doesn't. It does create a buffer large enough to hold a single header line,
so if you send an enourmously long header line libcurl will allocate such a
buffer. I guess we could consider a max length for sensible headers...
-- / daniel.haxx.se _______________________________________________ http://cool.haxx.se/cgi-bin/mailman/listinfo/curl-and-pythonReceived on 2009-09-23