mirror of
https://github.com/curl/curl.git
synced 2026-06-22 10:15:39 +03:00
- I introduced a maximum limit for received HTTP headers. It is controlled by the define CURL_MAX_HTTP_HEADER which is even exposed in the public header file to allow for users to fairly easily rebuild libcurl with a modified limit. The rationale for a fixed limit is that libcurl is realloc()ing a buffer to be able to put a full header into it, so that it can call the header callback with the entire header, but that also risks getting it into trouble if a server by mistake or willingly sends a header that is more or less without an end. The limit is set to 100K.
parent 867a0de670
commit 8646cecb78
4 changed files with 33 additions and 3 deletions
@ -178,6 +178,15 @@ typedef int (*curl_progress_callback)(void *clientp,
time for those who feel adventurous. */
#define CURL_MAX_WRITE_SIZE 16384
#endif
#ifndef CURL_MAX_HTTP_HEADER
/* The only reason to have a max limit for this is to avoid the risk of a bad
server feeding libcurl with a never-ending header that will cause reallocs
infinitely */
#define CURL_MAX_HTTP_HEADER (100*1024)
#endif
/* This is a magic return code for the write callback that, when returned,
will signal libcurl to pause receiving on the current transfer. */
#define CURL_WRITEFUNC_PAUSE 0x10000001
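Review bot: The comment above `#define CURL_MAX_HTTP_HEADER (100*1024)` gives the reason for the limit but not what it measures or how it takes effect. Because the define sits in the public header behind `#ifndef CURL_MAX_HTTP_HEADER`, an application author could read it as a knob to set before including the header, while the commit message says the limit is changed by rebuilding libcurl. Suggest the comment state that it is a build-time setting for libcurl itself, name the unit, say whether the limit applies to one header line or to the whole set of response headers, and say what a transfer reports when the limit is exceeded, since none of that is visible from this hunk.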