diff options
| author | Daniel Stenberg <daniel@haxx.se> | 2009-09-27 21:34:13 +0000 |
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2009-09-27 21:34:13 +0000 |
| commit | 8646cecb785e8ac426527daedc1eb35e27f2edca (patch) | |
| tree | 8a64406f2bf721bdd68e1da85059d5c1afa12b92 /CHANGES | |
| parent | 867a0de670f343256e88c56352c69534f852f6b5 (diff) | |
- I introduced a maximum limit for received HTTP headers. It is controlled by
the define CURL_MAX_HTTP_HEADER which is even exposed in the public header
file to allow for users to fairly easy rebuild libcurl with a modified
limit. The rationale for a fixed limit is that libcurl is realloc()ing a
buffer to be able to put a full header into it, so that it can call the
header callback with the entire header, but that also risk getting it into
trouble if a server by mistake or willingly sends a header that is more or
less without an end. The limit is set to 100K.
Diffstat (limited to 'CHANGES')
| -rw-r--r-- | CHANGES | 10 |
1 files changed, 10 insertions, 0 deletions
@@ -6,6 +6,16 @@ Changelog +Daniel Stenberg (27 Sep 2009) +- I introduced a maximum limit for received HTTP headers. It is controlled by + the define CURL_MAX_HTTP_HEADER which is even exposed in the public header + file to allow for users to fairly easy rebuild libcurl with a modified + limit. The rationale for a fixed limit is that libcurl is realloc()ing a + buffer to be able to put a full header into it, so that it can call the + header callback with the entire header, but that also risk getting it into + trouble if a server by mistake or willingly sends a header that is more or + less without an end. The limit is set to 100K. + Daniel Stenberg (26 Sep 2009) - John P. McCaskey posted a bug report that showed how libcurl did wrong when saving received cookies with no given path, if the path in the request had a |