- When downloading compressed content over HTTP and the app as asked libcurl

to automatically uncompress it with the CURLOPT_ENCODING option, libcurl could wrongly provide the callback with more data than what the maximum documented amount. An application could thus get tricked into badness if the maximum limit was trusted to be enforced by libcurl itself (as it is documented). This is further detailed and explained in the libcurl security advisory 20100209 at http://curl.haxx.se/docs/adv_20100209.html
author: Daniel Stenberg <daniel@haxx.se> 2010-02-09 09:35:48 +0000
committer: Daniel Stenberg <daniel@haxx.se> 2010-02-09 09:35:48 +0000
commit: 06ae8ca5a6e452e5cb555c1a511a9df8dec6657c (patch)
tree: 4da3bde9c75aa774767e854132634386f6bac1d3 /lib
parent: d33da42334169ad2a1c94571fc51e3735973097b (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/content_encoding.c b/lib/content_encoding.c
index 85362da41..b8f57d001 100644
--- a/lib/content_encoding.c
+++ b/lib/content_encoding.c
@@ -40,7 +40,7 @@
    (doing so will reduce code size slightly). */
 #define OLD_ZLIB_SUPPORT 1
 
-#define DSIZ 0x10000             /* buffer size for decompressed data */
+#define DSIZ CURL_MAX_WRITE_SIZE /* buffer size for decompressed data */
 
 #define GZIP_MAGIC_0 0x1f
 #define GZIP_MAGIC_1 0x8b
author	Daniel Stenberg <daniel@haxx.se>	2010-02-09 09:35:48 +0000
committer	Daniel Stenberg <daniel@haxx.se>	2010-02-09 09:35:48 +0000
commit	06ae8ca5a6e452e5cb555c1a511a9df8dec6657c (patch)
tree	4da3bde9c75aa774767e854132634386f6bac1d3 /lib
parent	d33da42334169ad2a1c94571fc51e3735973097b (diff)