
Re: HTTP header validation

From: Stephen Booth via curl-library <curl-library_at_lists.haxx.se>
Date: Mon, 29 Jan 2024 22:05:53 +0000

On 29/01/2024 21:34, Dan Fandrich via curl-library wrote:
> This is a case of GIGO. The man page even warns against this:
>
> curl makes sure that each header you add/replace is sent with the proper
> end-of-line marker, you should thus not add that as a part of the header
> content: do not add newlines or carriage returns, they only mess things up
> for you. curl passes on the verbatim string you give it without any filter
> or other safe guards. That includes white space and control characters.

I was certainly not trying to do this intentionally and GIGO is
absolutely fair comment. Curl was the last place the check could have
been performed rather than the place where it should have been.

A sanity check in curl would have helped me find the problem but it
sounds like there are reasons I'm not aware of for not attempting any
validation.

                        Stephen


-- 
======================================================================
|epcc| Dr Stephen P Booth             Principal Architect       |epcc|
|epcc| s.booth_at_epcc.ed.ac.uk          Phone 0131 650 5746       |epcc|
======================================================================
--
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.
Received on 2024-01-29
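
A caller-side sanity check of the kind discussed in this thread, as an added example that is not part of the original message and not curl's own code: it validates one header string before it would be handed to `curl_slist_append()` for `CURLOPT_HTTPHEADER`. The function and enum names are assumptions of this example; the character rules follow RFC 9110, and the `Name:` and `Name;` special forms are the ones the libcurl documentation describes.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Result codes: names are this example's own, not libcurl's. */
enum hdr_check { HDR_OK = 0, HDR_NO_SEPARATOR, HDR_BAD_NAME, HDR_BAD_VALUE };

/* RFC 9110 "tchar": the characters allowed in a header field name. */
static int is_tchar(unsigned char c)
{
    if ((c >= '0' && c <= '9') || (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z'))
        return 1;
    return c != 0 && strchr("!#$%&'*+-.^_`|~", c) != NULL;
}

/* Check one "Name: value" string. Also accepts the two special forms of
 * CURLOPT_HTTPHEADER: "Name:" (suppress an internal header) and
 * "Name;" (send a header with empty content). */
enum hdr_check check_header_line(const char *line)
{
    size_t n = strcspn(line, ":;");           /* length of the field name */
    if (line[n] == '\0')
        return HDR_NO_SEPARATOR;
    if (n == 0)
        return HDR_BAD_NAME;
    for (size_t i = 0; i < n; i++)
        if (!is_tchar((unsigned char)line[i]))
            return HDR_BAD_NAME;              /* catches CR/LF/space in the name */
    if (line[n] == ';' && line[n + 1] != '\0')
        return HDR_BAD_VALUE;                 /* "Name;" must end right there */
    /* Value: reject CR, LF and every other control byte except HTAB. */
    for (const unsigned char *p = (const unsigned char *)line + n + 1; *p; p++)
        if ((*p < 0x20 && *p != '\t') || *p == 0x7f)
            return HDR_BAD_VALUE;
    return HDR_OK;
}

int main(void)
{
    /* Constructed samples: the second is a value read from a file with its
     * trailing newline left on, the accidental case this check is meant for. */
    const char *samples[] = { "X-Token: abc123", "X-Token: abc123\n", "Accept:" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("sample %zu -> %d\n", i, (int)check_header_line(samples[i]));
    return 0;
}
```

Only strings that return `HDR_OK` would go on to `curl_slist_append()`; anything else is reported back to the code that built the header.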