cURL / Mailing Lists / curl-library / Single Mail


Re: [PATCH] Addition of trailer headers in HTTP requests generated by libcurl

From: Daniel Stenberg <>
Date: Thu, 17 Jan 2013 22:33:51 +0100 (CET)

On Thu, 17 Jan 2013, Dan Fandrich wrote:

>> + char tfield[CURL_MAX_HTTP_HEADER];
>> + strncpy(tfield, trailer_headers->data, tptr-trailer_headers->data+1);
> This will overflow tfield given a long enough user-supplied header.

In addition to Dan's fine comments, allow me to point out that
CURL_MAX_HTTP_HEADER is 100K by default. To me it seems a bit excessive to
have a local array of that size on the stack there...

List admin:
Received on 2013-01-17