- I introduced a maximum limit for received HTTP headers. It is controlled by the define CURL_MAX_HTTP_HEADER which is even exposed in the public header file to allow for users to fairly easily rebuild libcurl with a modified limit. The rationale for a fixed limit is that libcurl is realloc()ing a buffer to be able to put a full header into it, so that it can call the header callback with the entire header, but that also risks getting it into trouble if a server by mistake or willingly sends a header that is more or less without an end. The limit is set to 100K.
@@ -11,6 +11,7 @@ This release includes the following changes:
|
||||
|
||||
o -T. is now for non-blocking uploading from stdin
|
||||
o SYST handling on FTP for OS/400 FTP server cases
|
||||
o libcurl refuses to read a single HTTP header longer than 100K
|
||||
|
||||
This release includes the following bugfixes:
|
||||
|
||||
|
||||
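Review bot: the added entry "o libcurl refuses to read a single HTTP header longer than 100K" gives the limit as a bare number and does not name CURL_MAX_HTTP_HEADER, so someone reading only the release notes cannot tell that this is a compile-time define they can change by rebuilding libcurl. Suggest naming the define in the entry. The entry also does not say how the refusal is reported to the application; a few words on what a transfer returns when a header exceeds the limit would let callers handle it explicitly, since none of the visible lines state it.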