aboutsummaryrefslogtreecommitdiff
path: root/lib/curl_ntlm_core.c
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2017-09-18 00:55:07 +0200
committerDaniel Stenberg <daniel@haxx.se>2017-09-18 22:55:50 +0200
commit2bc230de63bd7da197280a69d84972b61455cd18 (patch)
treeb616832f6cd1138851d1ed87ba68fb60e0a5c85f /lib/curl_ntlm_core.c
parent1a072796d390a7f56739d48a5158c250e211e2f7 (diff)
cookies: reject oversized cookies
... instead of truncating them. There's no fixed limit for acceptable cookie names in RFC 6265, but the entire cookie is said to be less than 4096 bytes (section 6.1). This is also what browsers seem to implement. We now allow max 5000 bytes cookie header. Max 4095 bytes length per cookie name and value. Name + value together may not exceed 4096 bytes. Added test 1151 to verify Bug: https://curl.haxx.se/mail/lib-2017-09/0062.html Reported-by: Kevin Smith Closes #1894
Diffstat (limited to 'lib/curl_ntlm_core.c')
0 files changed, 0 insertions, 0 deletions