diff options
| author | Daniel Stenberg <daniel@haxx.se> | 2009-09-27 21:34:13 +0000 |
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2009-09-27 21:34:13 +0000 |
| commit | 8646cecb785e8ac426527daedc1eb35e27f2edca (patch) | |
| tree | 8a64406f2bf721bdd68e1da85059d5c1afa12b92 /include | |
| parent | 867a0de670f343256e88c56352c69534f852f6b5 (diff) | |
| download | curl-8646cecb785e8ac426527daedc1eb35e27f2edca.tar.gz | |
- I introduced a maximum limit for received HTTP headers. It is controlled by
the define CURL_MAX_HTTP_HEADER which is even exposed in the public header
file to allow for users to fairly easy rebuild libcurl with a modified
limit. The rationale for a fixed limit is that libcurl is realloc()ing a
buffer to be able to put a full header into it, so that it can call the
header callback with the entire header, but that also risk getting it into
trouble if a server by mistake or willingly sends a header that is more or
less without an end. The limit is set to 100K.
Diffstat (limited to 'include')
| -rw-r--r-- | include/curl/curl.h | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/include/curl/curl.h b/include/curl/curl.h index 34da873b6..4b79eca9f 100644 --- a/include/curl/curl.h +++ b/include/curl/curl.h @@ -178,6 +178,15 @@ typedef int (*curl_progress_callback)(void *clientp, time for those who feel adventurous. */ #define CURL_MAX_WRITE_SIZE 16384 #endif + +#ifndef CURL_MAX_HTTP_HEADER +/* The only reason to have a max limit for this is to avoid the risk of a bad + server feeding libcurl with a never-ending header that will cause reallocs + infinitely */ +#define CURL_MAX_HTTP_HEADER (100*1024) +#endif + + /* This is a magic return code for the write callback that, when returned, will signal libcurl to pause receiving on the current transfer. */ #define CURL_WRITEFUNC_PAUSE 0x10000001 |