curl-library
Re: CURLOPT_DEBUGFUNCTION
Date: Mon, 18 Nov 2002 23:28:05 +0100 (MET)
On Mon, 18 Nov 2002, Jean-Philippe Barrette-LaPierre wrote:
> If found something suspect. I set a callback for debug. When the
> curlinfo_type is set to CURLINFO_HEADER_OUT in the callback, the string is
> not NULL terminated! I just want to be sure that this thing is normal, and
> if it is, I just want to say that it seem very dangerous to not terminate
> this string with a NULL character, because it's susposed to be a string,
> and not some binary stuff like CURLINFO_DATA_IN or OUT. Some people (like
> me) may misuse this, and make a buffer overflow.
This is indeed intended. libcurl might have multiple headers in one single
chunk in memory and I couldn't see any point with inserting zero-bytes before
calling the debug function in these cases. The debug function is always
called with a data pointer and a length. There are no exceptions.
We could of course document this better. I'd say that libcurl-the-guide needs
a detailed chapter on how to use the DEBUGFUNCTION and we could also be more
detailed in the curl_easy_setopt description.
As always, I'm all ears.
-- Daniel Stenberg -- curl, cURL, Curl, CURL. Groks URLs. ------------------------------------------------------- This sf.net email is sponsored by: To learn the basics of securing your web site with SSL, click here to get a FREE TRIAL of a Thawte Server Certificate: http://www.gothawte.com/rd524.htmlReceived on 2002-11-18