romenskiy2012/curl
1
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2026-04-14 22:41:40 +03:00
Code Issues Projects Releases Packages Wiki Activity

progress: count amount of data "delivered" to application

Browse source 
... and apply the CURLOPT_MAXFILESIZE limit (if set) on that as well.
This effectively protects the user against "zip bombs".

Test case 1618 verifies using a 14 byte brotli payload that otherwise
explodes to 102400 zero bytes.

Closes #20787
This commit is contained in:
Daniel Stenberg 2026-03-02 11:02:03 +01:00
parent fa13f373b2
commit 77ed315096
No known key found for this signature in database
GPG key ID: 5CC908FDB71E12C2
22 changed files with 218 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

1
lib/urldata.h
View file

@ -551,6 +551,7 @@ struct Progress {
force redraw at next call */
struct pgrs_dir ul;
struct pgrs_dir dl;
curl_off_t deliver; /* amount of data delivered to application */
curl_off_t current_speed; /* uses the currently fastest transfer */
curl_off_t earlydata_sent;