curl-library
Re: [PATCH] Addition of trailer headers in HTTP requests generated by libcurl
From: Daniel Stenberg <daniel_at_haxx.se>
Date: Thu, 17 Jan 2013 22:33:51 +0100 (CET)
On Thu, 17 Jan 2013, Dan Fandrich wrote:
>> + char tfield[CURL_MAX_HTTP_HEADER];
>> + strncpy(tfield, trailer_headers->data, tptr-trailer_headers->data+1);
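Review bot: The count passed to strncpy on the second added line, tptr-trailer_headers->data+1, is derived from the source string and is never compared with sizeof(tfield), so the copy is not bounded by the destination. strncpy also writes no terminating NUL when the first n source bytes contain none, which looks to be the case when the count covers only the bytes up to tptr, so tfield can be left unterminated even when the data fits. Suggest checking the computed length against sizeof(tfield) - 1 and failing the request when it does not fit, then writing the terminator explicitly after the copy. Alternatively, allocate exactly the needed length instead of using a fixed-size local buffer.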
>
> This will overflow tfield given a long enough user-supplied header.
In addition to Dan's fine comments, allow me to point out that
CURL_MAX_HTTP_HEADER is 100K by default. To me it seems a bit excessive to
have a local array of that size on the stack there...
-- 
  / daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2013-01-17