On Mon, 18 Nov 2002, Jean-Philippe Barrette-LaPierre wrote:

> If found something suspect. I set a callback for debug. When the
> curlinfo_type is set to CURLINFO_HEADER_OUT in the callback, the string is
> not NULL terminated! I just want to be sure that this thing is normal, and
> if it is, I just want to say that it seem very dangerous to not terminate
> this string with a NULL character, because it's susposed to be a string,
> and not some binary stuff like CURLINFO_DATA_IN or OUT. Some people (like
> me) may misuse this, and make a buffer overflow.

This is indeed intended. libcurl might have multiple headers in one single
chunk in memory and I couldn't see any point with inserting zero-bytes before
calling the debug function in these cases. The debug function is always
called with a data pointer and a length. There are no exceptions.

We could of course document this better. I'd say that libcurl-the-guide needs
a detailed chapter on how to use the DEBUGFUNCTION and we could also be more
detailed in the curl_easy_setopt description.

As always, I'm all ears.

-- 
 Daniel Stenberg -- curl, cURL, Curl, CURL. Groks URLs.
-------------------------------------------------------
This sf.net email is sponsored by: To learn the basics of securing 
your web site with SSL, click here to get a FREE TRIAL of a Thawte 
Server Certificate: http://www.gothawte.com/rd524.html